istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: support GWAPI frontend validation (#16739) 

Signed-off-by: Sergei Nikolaev <kinolaev@gmail.com>
This commit is contained in:
Sergei Nikolaev 2025-09-01 23:50:26 +04:00 committed by GitHub
parent a8847f37a9
commit 9baf3739f5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
View File

@ -543,10 +543,7 @@ EOF
{{< tab name="Gateway API" category-value="gateway-api" >}}
Because the Kubernetes Gateway API does not currently support mutual TLS termination in a
[Gateway](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Gateway),
we use an Istio-specific option, `gateway.istio.io/tls-terminate-mode: MUTUAL`,
to configure it:
Add a reference to a ConfigMap or a Secret with `ca.crt` or `cacert` key that holds CA certificates.
{{< text bash >}}
$ cat <<EOF | kubectl apply -f -
@ -566,8 +563,11 @@ spec:
mode: Terminate
certificateRefs:
- name: httpbin-credential
options:
gateway.istio.io/tls-terminate-mode: MUTUAL
frontendValidation:
caCertificateRefs:
- group: ""
kind: Secret
name: httpbin-credential
allowedRoutes:
namespaces:
from: Selector

7
content/en/docs/tasks/traffic-management/ingress/secure-ingress/snips.sh
View File

@ -441,8 +441,11 @@ spec:
mode: Terminate
certificateRefs:
- name: httpbin-credential
options:
gateway.istio.io/tls-terminate-mode: MUTUAL
frontendValidation:
caCertificateRefs:
- group: ""
kind: Secret
name: httpbin-credential
allowedRoutes:
namespaces:
from: Selector