updating statement about peer authn in l4-policy usage doc (#15206)

* updating statement about peer authn in l4-policy usage doc

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* naughty suggestion

---------

Signed-off-by: Ian Rudie <ian.rudie@solo.io>
Co-authored-by: Craig Box <craig.box@gmail.com>
Ian Rudie 2024-05-30 19:55:09 -04:00 committed by GitHub
parent 5223583941
commit 1727446158
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 6 deletions

@ -108,10 +108,6 @@ This means that when you have a waypoint installed, **the ideal place to enforce
Istio's [peer authentication policies](/docs/concepts/security/#peer-authentication), which configure mutual TLS (mTLS) modes, are supported by ztunnel.
The default policy for ambient mode is `PERMISSIVE`, which allows pods to accept both mTLS-encrypted traffic (from within the mesh) and plain text traffic (from without). Enabling `STRICT` mode means that pods will only accept mTLS-encrypted traffic.
As ztunnel and {{< gloss >}}HBONE{{< /gloss >}} implies the use of mTLS, it is not possible to use the `DISABLE` mode in a policy. Such policies will be ignored.
If you need to disable mTLS for an entire namespace, you will have to disable ambient mode:
{{< text bash >}}
$ kubectl label namespace default istio.io/dataplane-mode-
{{< /text >}}
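
Review bot: The `DISABLE` sentence says "Such policies will be ignored" but does not say which mode stays in effect or how an operator can tell that a policy was ignored; state that explicitly, since the same sentence already says ztunnel and HBONE imply mTLS. In that sentence "ztunnel and HBONE implies" should read "imply", and in the `PERMISSIVE` sentence "from without" is clearer as "from outside the mesh". Where the `kubectl label namespace default istio.io/dataplane-mode-` command appears, say that the trailing `-` removes the label and that this takes the whole namespace out of ambient mode, so a reader does not treat it as a switch that turns off mTLS alone.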