So, here's what's up: We have HTTPs being handled externally by our nginx ingress on a kubernetes cluster. This is great and all, but it means any traffic between the proxy and its backing service is going over http. This is a bit of a flaw in our security coverage so we're trying to get that secondary internal traffic to travel over https as well.

Now, the ingress has a nginx.ingress.kubernetes.io/proxy-ssl-secret: secretName which should allow us to get the backend services certificates. But no matter how I setup the ca, etc, there service terminals before sending anything.