Docs: Document mTLS
Documentation Request
Customers want to know:
- "What is the status of Big Bang and Big Bang core/add-on/third-party support for mTLS?"
- "Does Platform One require running Istio in full strict mode cluster-wide for reciprocity to be fulfilled, and how is Party Bus utilizing Istio for mTLS (i.e. what is their default tenant configuration)?" Note: I asked a member of PB this and was told it was not enabled on PB at the time I asked; they were not using full mTLS in 100% of cases because it would break some workloads, but they were interested in revisiting it in the future.
- Another customer's AO had a requirement for 100% of Kubernetes node-to-node network traffic to be encrypted (regardless of how PB is doing it); they wanted to verify that encryption in transit was enabled for 100% of traffic. (Given the current state, they used an encrypted CNI.)
TomR: start a document in the BigBang repo to document where/how each application is doing mTLS.
Raw notes to be organized into docs:
Envoy mTLS:
- fluentbit --> elasticsearch <-- kibana
- jaeger / kiali (with 1.7)
- cluster auditor
No mTLS:
- prometheus / grafana / alertmanager
Application-provided mTLS:
- twistlock <-- twistlock defenders
Not relevant:
- opa
- eck operator
ECK in Big Bang isn't using mTLS; it uses the built-in SSL of the ECK stack, because that built-in SSL can't be disabled without losing enterprise features such as SSO. The docs say a permissive mTLS policy can be set for the namespace, but that ended up breaking ECK.
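As an added example (not code from the Big Bang repo or the linked doc), a Python check that answers the AO's question above from the `items` of `kubectl get peerauthentication -A -o json`: it resolves the effective Istio PeerAuthentication mode per namespace using Istio's precedence rules and flags anything that is not STRICT. The sample policies, namespace names and labels are constructed and hypothetical, not Big Bang's actual configuration.

```python
# Istio precedence: workload-selector policy > namespace-wide policy > mesh-wide
# policy in the root namespace; mode UNSET inherits from the level above, and
# with no policy at all Istio defaults to PERMISSIVE. Input shape is the
# `items` list of `kubectl get peerauthentication -A -o json`.
ROOT_NS = "istio-system"  # Istio's default root namespace

def _mode(p):
    return p.get("spec", {}).get("mtls", {}).get("mode", "UNSET")

def _selector(p):
    return p.get("spec", {}).get("selector", {}).get("matchLabels")

def effective_mode(namespace, policies, workload_labels=None):
    """Effective mTLS mode for a workload carrying `workload_labels` in `namespace`."""
    labels = workload_labels or {}
    mesh = ns = workload = None
    for p in policies:
        p_ns, sel = p["metadata"]["namespace"], _selector(p)
        if sel:  # workload-scoped policy: only counts if it matches this workload
            if p_ns == namespace and all(labels.get(k) == v for k, v in sel.items()):
                workload = p
        elif p_ns == namespace:
            ns = p
        elif p_ns == ROOT_NS:
            mesh = p
    for p in (workload, ns, mesh):  # most specific level wins
        if p is not None and _mode(p) != "UNSET":
            return _mode(p)
    return "PERMISSIVE"

def audit(policies, namespaces):
    """Namespaces not effectively STRICT, plus non-STRICT workload-selector exceptions."""
    findings = {n: effective_mode(n, policies) for n in namespaces}
    findings = {n: m for n, m in findings.items() if m != "STRICT"}
    for p in policies:
        if _selector(p) and _mode(p) not in ("STRICT", "UNSET"):
            findings[f"{p['metadata']['namespace']}/{p['metadata']['name']}"] = _mode(p)
    return findings

def _pa(name, namespace, mode, selector=None):
    spec = {"mtls": {"mode": mode}, **({"selector": {"matchLabels": selector}} if selector else {})}
    return {"metadata": {"name": name, "namespace": namespace}, "spec": spec}

# Constructed sample; the namespace and label names are hypothetical, not Big Bang's.
SAMPLE_POLICIES = [
    _pa("default", ROOT_NS, "STRICT"),
    _pa("default", "eck", "PERMISSIVE"),
    _pa("defender", "twistlock", "DISABLE", {"app": "defender"}),
]
SAMPLE_NAMESPACES = ["istio-system", "eck", "monitoring", "twistlock"]
```

Run `audit(SAMPLE_POLICIES, SAMPLE_NAMESPACES)` to get the non-STRICT findings; on a live cluster, feed it the parsed `items` list and the output of `kubectl get ns`.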
Click here to see the doc:
https://repo1.dso.mil/platform-one/big-bang/bigbang/-/blob/network_encryption_and_ingress/docs/understanding_bigbang/network_encryption_and_ingress_diagram.md
Edited by Christopher McGrath