Document the compatibility issue of auto mTLS and excludeInboundPort. (#8917)

* Document the compatibility issue of auto mTLS and excludeInboundPort.

* retitle

* Update content/en/faq/security/automtls-exlucde-port.md

Co-authored-by: Sven Mawson <sven@google.com>

* Update content/en/faq/security/automtls-exlucde-port.md

Co-authored-by: Sven Mawson <sven@google.com>

* more suggestions applied

* comments, rename.

Co-authored-by: Sven Mawson <sven@google.com>
Jianfei Hu 2021-03-31 18:05:25 -07:00 committed by GitHub
parent 0c092b8f71
commit 072d6ae415
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions


@ -0,0 +1,9 @@
---
title: Does Auto mutual TLS exclude ports set using "excludeInboundPorts" annotation?
weight: 80
---
No. When `traffic.sidecar.istio.io/excludeInboundPorts` is used on server workloads, Istio still
configures the client Envoy to send mutual TLS by default. To change that, you need to configure
a Destination Rule with mutual TLS mode set to `DISABLE` to have clients send plain text to those
ports.
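
Review bot: The closing sentence (the last three added lines) tells readers to set mutual TLS mode to `DISABLE` in a Destination Rule "to have clients send plain text to those ports", but it does not say how to scope the setting to those ports. A reader who applies `DISABLE` at the host level of the rule would turn off mutual TLS for every port of the service, not only the ones listed in `traffic.sidecar.istio.io/excludeInboundPorts`. Suggest naming the port-level traffic policy (`trafficPolicy.portLevelSettings` with `tls.mode: DISABLE` for each excluded port) and linking to the DestinationRule reference. It would also help to add one sentence on the symptom: the excluded port bypasses the server sidecar, so a client that still sends mutual TLS reaches an application expecting plain text and the connection fails. Minor style point: the title reads better as 'set using the "excludeInboundPorts" annotation'.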