mTLS -> mutual TLS (#3717)

Martin Taillefer 2019-03-15 21:07:52 -07:00 committed by GitHub
parent 6077db4e47
commit b409371b9f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 24 deletions


@ -595,7 +595,7 @@ to be 443. The egress gateway accepts the MongoDB traffic on the port 443, match
{{< tabset cookie-name="mtls" >}} {{< tabset cookie-name="mtls" >}}
{{< tab name="mTLS enabled" cookie-value="enabled" >}} {{< tab name="mutual TLS enabled" cookie-value="enabled" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
@ -676,7 +676,7 @@ to be 443. The egress gateway accepts the MongoDB traffic on the port 443, match
{{< /tab >}} {{< /tab >}}
{{< tab name="mTLS disabled" cookie-value="disabled" >}} {{< tab name="mutual TLS disabled" cookie-value="disabled" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF


@ -99,7 +99,7 @@ be done by the egress gateway, as opposed to by the sidecar in the previous exam
{{< tabset cookie-name="mtls" >}} {{< tabset cookie-name="mtls" >}}
{{< tab name="mTLS enabled" cookie-value="enabled" >}} {{< tab name="mutual TLS enabled" cookie-value="enabled" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
@ -145,7 +145,7 @@ be done by the egress gateway, as opposed to by the sidecar in the previous exam
{{< /tab >}} {{< /tab >}}
{{< tab name="mTLS disabled" cookie-value="disabled" >}} {{< tab name="mutual TLS disabled" cookie-value="disabled" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF


@ -112,9 +112,9 @@ First create a `ServiceEntry` to allow direct traffic to an external service.
{{< tabset cookie-name="mtls" >}} {{< tabset cookie-name="mtls" >}}
{{< tab name="mTLS enabled" cookie-value="enabled" >}} {{< tab name="mutual TLS enabled" cookie-value="enabled" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: Gateway kind: Gateway
@ -154,13 +154,13 @@ First create a `ServiceEntry` to allow direct traffic to an external service.
mode: ISTIO_MUTUAL mode: ISTIO_MUTUAL
sni: edition.cnn.com sni: edition.cnn.com
EOF EOF
{{< /text >}} {{< /text >}}
{{< /tab >}} {{< /tab >}}
{{< tab name="mTLS disabled" cookie-value="disabled" >}} {{< tab name="mutual TLS disabled" cookie-value="disabled" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: Gateway kind: Gateway
@ -320,9 +320,9 @@ You need to specify port 443 with protocol `TLS` in a corresponding `ServiceEntr
{{< tabset cookie-name="mtls" >}} {{< tabset cookie-name="mtls" >}}
{{< tab name="mTLS enabled" cookie-value="enabled" >}} {{< tab name="mutual TLS enabled" cookie-value="enabled" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: Gateway kind: Gateway
@ -397,13 +397,13 @@ You need to specify port 443 with protocol `TLS` in a corresponding `ServiceEntr
number: 443 number: 443
weight: 100 weight: 100
EOF EOF
{{< /text >}} {{< /text >}}
{{< /tab >}} {{< /tab >}}
{{< tab name="mTLS disabled" cookie-value="disabled" >}} {{< tab name="mutual TLS disabled" cookie-value="disabled" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: Gateway kind: Gateway


@ -423,9 +423,9 @@ The SNI proxy will forward the traffic to port `443`.
{{< tabset cookie-name="mtls" >}} {{< tabset cookie-name="mtls" >}}
{{< tab name="mTLS enabled" cookie-value="enabled" >}} {{< tab name="mutual TLS enabled" cookie-value="enabled" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: Gateway kind: Gateway
@ -536,13 +536,13 @@ The SNI proxy will forward the traffic to port `443`.
filterType: NETWORK filterType: NETWORK
filterConfig: {} filterConfig: {}
EOF EOF
{{< /text >}} {{< /text >}}
{{< /tab >}} {{< /tab >}}
{{< tab name="mTLS disabled" cookie-value="disabled" >}} {{< tab name="mutual TLS disabled" cookie-value="disabled" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: Gateway kind: Gateway
@ -607,7 +607,7 @@ The SNI proxy will forward the traffic to port `443`.
number: 8443 number: 8443
weight: 100 weight: 100
EOF EOF
{{< /text >}} {{< /text >}}
{{< /tab >}} {{< /tab >}}


@ -41,7 +41,7 @@ This permits customization of Istio to operator specific requirements.
{{< tabset cookie-name="profile" >}} {{< tabset cookie-name="profile" >}}
{{< tab name="permissive mTLS" cookie-value="permissive" >}} {{< tab name="permissive mutual TLS" cookie-value="permissive" >}}
When using the permissive mutual TLS mode, all services accept both plain text and When using the permissive mutual TLS mode, all services accept both plain text and
mutual TLS traffic. Clients send plain text traffic unless configured for mutual TLS traffic. Clients send plain text traffic unless configured for
[mutual migration](/docs/tasks/security/mtls-migration/#configure-clients-to-send-mutual-tls-traffic). [mutual migration](/docs/tasks/security/mtls-migration/#configure-clients-to-send-mutual-tls-traffic).
@ -62,7 +62,7 @@ $ kubectl apply -f install/kubernetes/istio-demo.yaml
{{< /tab >}} {{< /tab >}}
{{< tab name="strict mTLS" cookie-value="strict" >}} {{< tab name="strict mutual TLS" cookie-value="strict" >}}
This variant will enforce This variant will enforce
[mutual TLS authentication](/docs/concepts/security/#mutual-tls-authentication) between all clients and servers. [mutual TLS authentication](/docs/concepts/security/#mutual-tls-authentication) between all clients and servers.
@ -175,7 +175,7 @@ non-existent resources because they may have been deleted hierarchically.
{{< tabset cookie-name="profile" >}} {{< tabset cookie-name="profile" >}}
{{< tab name="permissive mTLS" cookie-value="permissive" >}} {{< tab name="permissive mutual TLS" cookie-value="permissive" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl delete -f install/kubernetes/istio-demo.yaml $ kubectl delete -f install/kubernetes/istio-demo.yaml
@ -183,7 +183,7 @@ $ kubectl delete -f install/kubernetes/istio-demo.yaml
{{< /tab >}} {{< /tab >}}
{{< tab name="strict mTLS" cookie-value="strict" >}} {{< tab name="strict mutual TLS" cookie-value="strict" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl delete -f install/kubernetes/istio-demo-auth.yaml $ kubectl delete -f install/kubernetes/istio-demo-auth.yaml