Proxy Authc via means of client TLS certificate


Are there any possibilities for securing auth proxy requests via TLS certificates?
As of now, I’m only aware of the possibility for filtering out via the IP address of potential proxy (the internalProxies config) but, as we run this in a kubernetes cluster, things are very much in flux all the time (or we at least should design our configurations with that in mind).

I saw that searchguard (which seems to have some code in opendistro’s security plugin) at least offers this in their new proxy2 module? Is this something that we might expect to see or are there workarounds that anyone is using?

Kind regards!