mTLS -> mutual TLS (#3717)

Martin Taillefer 2019-03-15 21:07:52 -07:00 committed by GitHub
parent 6077db4e47
commit b409371b9f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 24 deletions

View File

@ -595,7 +595,7 @@ to be 443. The egress gateway accepts the MongoDB traffic on the port 443, match
{{< tabset cookie-name="mtls" >}}
{{< tab name="mTLS enabled" cookie-value="enabled" >}}
{{< tab name="mutual TLS enabled" cookie-value="enabled" >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF
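Review bot: the tab label is renamed here, but the enclosing tabset still carries `cookie-name="mtls"` and the tab keeps `cookie-value="enabled"`. Leaving those untouched is the right call, since they are stored identifiers and changing them would reset a reader's saved tab selection, but the commit message should state that the rename is limited to display text so a later cleanup does not rename the cookie attributes as well.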
@ -676,7 +676,7 @@ to be 443. The egress gateway accepts the MongoDB traffic on the port 443, match
{{< /tab >}}
{{< tab name="mTLS disabled" cookie-value="disabled" >}}
{{< tab name="mutual TLS disabled" cookie-value="disabled" >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF

View File

@ -99,7 +99,7 @@ be done by the egress gateway, as opposed to by the sidecar in the previous exam
{{< tabset cookie-name="mtls" >}}
{{< tab name="mTLS enabled" cookie-value="enabled" >}}
{{< tab name="mutual TLS enabled" cookie-value="enabled" >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF
@ -145,7 +145,7 @@ be done by the egress gateway, as opposed to by the sidecar in the previous exam
{{< /tab >}}
{{< tab name="mTLS disabled" cookie-value="disabled" >}}
{{< tab name="mutual TLS disabled" cookie-value="disabled" >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF

View File

@ -112,9 +112,9 @@ First create a `ServiceEntry` to allow direct traffic to an external service.
{{< tabset cookie-name="mtls" >}}
{{< tab name="mTLS enabled" cookie-value="enabled" >}}
{{< tab name="mutual TLS enabled" cookie-value="enabled" >}}
{{< text bash >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
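Review bot: `{{< text bash >}}` shows up as both removed and added in this hunk with no visible difference, so the change on that line is whitespace only. The commit title describes just the mTLS to mutual TLS rename; either mention the whitespace cleanup in the message or move it to its own commit so the rename stays easy to audit.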
@ -154,13 +154,13 @@ First create a `ServiceEntry` to allow direct traffic to an external service.
mode: ISTIO_MUTUAL
sni: edition.cnn.com
EOF
{{< /text >}}
{{< /text >}}
{{< /tab >}}
{{< tab name="mTLS disabled" cookie-value="disabled" >}}
{{< tab name="mutual TLS disabled" cookie-value="disabled" >}}
{{< text bash >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
@ -320,9 +320,9 @@ You need to specify port 443 with protocol `TLS` in a corresponding `ServiceEntr
{{< tabset cookie-name="mtls" >}}
{{< tab name="mTLS enabled" cookie-value="enabled" >}}
{{< tab name="mutual TLS enabled" cookie-value="enabled" >}}
{{< text bash >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
@ -397,13 +397,13 @@ You need to specify port 443 with protocol `TLS` in a corresponding `ServiceEntr
number: 443
weight: 100
EOF
{{< /text >}}
{{< /text >}}
{{< /tab >}}
{{< tab name="mTLS disabled" cookie-value="disabled" >}}
{{< tab name="mutual TLS disabled" cookie-value="disabled" >}}
{{< text bash >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway

View File

@ -423,9 +423,9 @@ The SNI proxy will forward the traffic to port `443`.
{{< tabset cookie-name="mtls" >}}
{{< tab name="mTLS enabled" cookie-value="enabled" >}}
{{< tab name="mutual TLS enabled" cookie-value="enabled" >}}
{{< text bash >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
@ -536,13 +536,13 @@ The SNI proxy will forward the traffic to port `443`.
filterType: NETWORK
filterConfig: {}
EOF
{{< /text >}}
{{< /text >}}
{{< /tab >}}
{{< tab name="mTLS disabled" cookie-value="disabled" >}}
{{< tab name="mutual TLS disabled" cookie-value="disabled" >}}
{{< text bash >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
@ -607,7 +607,7 @@ The SNI proxy will forward the traffic to port `443`.
number: 8443
weight: 100
EOF
{{< /text >}}
{{< /text >}}
{{< /tab >}}
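Review bot: no label is renamed in this hunk; the only changed line is `{{< /text >}}`, which is identical before and after apart from whitespace. Worth confirming that this is deliberate trailing-whitespace or indentation cleanup and not an accidental editor change, since it falls outside what the commit title describes.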

View File

@ -41,7 +41,7 @@ This permits customization of Istio to operator specific requirements.
{{< tabset cookie-name="profile" >}}
{{< tab name="permissive mTLS" cookie-value="permissive" >}}
{{< tab name="permissive mutual TLS" cookie-value="permissive" >}}
When using the permissive mutual TLS mode, all services accept both plain text and
mutual TLS traffic. Clients send plain text traffic unless configured for
[mutual migration](/docs/tasks/security/mtls-migration/#configure-clients-to-send-mutual-tls-traffic).
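Review bot: the link text `[mutual migration]` on the last context line drops the word TLS, although its target is the mtls-migration task's section on configuring clients to send mutual TLS traffic. Since this commit standardises the term, change it to `[mutual TLS migration]` in the same pass.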
@ -62,7 +62,7 @@ $ kubectl apply -f install/kubernetes/istio-demo.yaml
{{< /tab >}}
{{< tab name="strict mTLS" cookie-value="strict" >}}
{{< tab name="strict mutual TLS" cookie-value="strict" >}}
This variant will enforce
[mutual TLS authentication](/docs/concepts/security/#mutual-tls-authentication) between all clients and servers.
@ -175,7 +175,7 @@ non-existent resources because they may have been deleted hierarchically.
{{< tabset cookie-name="profile" >}}
{{< tab name="permissive mTLS" cookie-value="permissive" >}}
{{< tab name="permissive mutual TLS" cookie-value="permissive" >}}
{{< text bash >}}
$ kubectl delete -f install/kubernetes/istio-demo.yaml
@ -183,7 +183,7 @@ $ kubectl delete -f install/kubernetes/istio-demo.yaml
{{< /tab >}}
{{< tab name="strict mTLS" cookie-value="strict" >}}
{{< tab name="strict mutual TLS" cookie-value="strict" >}}
{{< text bash >}}
$ kubectl delete -f install/kubernetes/istio-demo-auth.yaml