istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clarify mtls migration policy location (#12662)

This commit is contained in:
Frank Budinsky 2023-02-14 11:33:41 -05:00 committed by GitHub
parent 6eefdf43e1
commit f508e6aa90
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/en/docs/tasks/security/authentication/mtls-migration/index.md
View File

@ -93,7 +93,7 @@ $ kubectl apply -n foo -f - <<EOF
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: "default"
name: default
spec:
mtls:
mode: STRICT
@ -131,12 +131,14 @@ We recommend you use [Istio Authorization](/docs/tasks/security/authorization/au
## Lock down mutual TLS for the entire mesh
You can lock down workloads in all namespaces to only accept mutual TLS traffic by putting the policy in the system namespace of your Istio installation.
{{< text bash >}}
$ kubectl apply -n istio-system -f - <<EOF
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: "default"
name: default
spec:
mtls:
mode: STRICT

4
content/en/docs/tasks/security/authentication/mtls-migration/snips.sh
View File

@ -68,7 +68,7 @@ kubectl apply -n foo -f - <<EOF
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: "default"
name: default
spec:
mtls:
mode: STRICT
@ -103,7 +103,7 @@ kubectl apply -n istio-system -f - <<EOF
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: "default"
name: default
spec:
mtls:
mode: STRICT