istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix bad font (#548)

This commit is contained in:
Shriram Rajagopalan 2017-09-27 15:02:27 -04:00 committed by GitHub
parent 7c4ad19a4a
commit afb26d2deb
1 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
_docs/tasks/security/faq.md
View File

@ -9,24 +9,30 @@ type: markdown
---
{% include home.html %}
### Can a service with Istio Auth enabled communicate with a service without Istio?
* Can a service with Istio Auth enabled communicate with a service without
Istio?
Currently it is not well supported. But we do have plan to support this in the near future.
Currently it is not well supported. But we do have plan to support this
in the near future.
### Can I enable Istio Auth with some services while disable others in the same cluster?
* Can I enable Istio Auth with some services while disable others in the
same cluster?
Currently we only support cluster-wise Auth enable/disable. It is a high priority action item for us
to support per-service auth.
Currently we only support cluster-wise Auth enable/disable. It is a high
priority action item for us to support per-service auth.
### How can I use Kubernetes liveness and readiness for service health check with Istio Auth enabled?
* How can I use Kubernetes liveness and readiness for service health check
with Istio Auth enabled?
If Istio Auth is enabled, http and tcp health check from kubelet will not work since they do not have
Istio Auth issued certs. A workaround is to use command option for health check, e.g., one can install
curl in the service pod and curl itself within the pod. The Istio team is actively working on a real
solution.
If Istio Auth is enabled, http and tcp health check from kubelet will not
work since they do not have Istio Auth issued certs. A workaround is to
use command option for health check, e.g., one can install curl in the
service pod and curl itself within the pod. The Istio team is actively
working on a real solution.
### Can I access the Kubernetes API Server with Auth enabled?
* Can I access the Kubernetes API Server with Auth enabled?
The Kubernetes API server does not support mutual TLS authentication. Hence, when Istio mTLS
authentication is enabled, it is currently not possible to communicate from a pod with Istio sidecar
to the Kubernetes API server.
The Kubernetes API server does not support mutual TLS
authentication. Hence, when Istio mTLS authentication is enabled, it is
currently not possible to communicate from a pod with Istio sidecar to
the Kubernetes API server.