istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/_faq/security/enabling-disabling-mtls.md

746 B
Raw Blame History

title order type
How can I enable/disable mTLS encryption after I installed Istio? 10 markdown

{% include home.html %}

The most straightforward way to enable/disable mTLS is by entirely uninstalling and re-installing Istio.

If you are an advanced user and understand the risks you can also do the following:

kubectl edit configmap -n istio-system istio

comment out or uncomment authPolicy: MUTUAL_TLS to toggle mTLS and then

kubectl delete pods -n istio-system -l istio=pilot

to restart Pilot, after a few seconds (depending on your *RefreshDelay) your Envoy proxies will have picked up the change from Pilot. During that time your services may be unavailable.

We are working on a smoother solution.