UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects

1032: Enable Istio mTLS globally on istio-system namespace

Merged 1032: Enable Istio mTLS globally on istio-system namespace
1032-enable-mtls-globally-II into master
1 unresolved thread
Merged Chris Harden requested to merge 1032-enable-mtls-globally-II into master
1 unresolved thread

Package Merge Request

Package Changes

Add values to istio that drive mTLS globally

Package MR

big-bang/product/packages/istio-controlplane!175 (merged)

For Issue

Closes #1032 (closed)

Closes #1032 (closed)

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
chart/values.yaml
155 155 istio:
156 156 # -- Toggle deployment of Istio.
157 157 enabled: true
158 mtls:
159 # -- STRICT = Allow only mutual TLS traffic,
160 # PERMISSIVE = Allow both plain text and mutual TLS traffic
161 mode: STRICT
  • Micah Nagel
    Micah Nagel @micah.nagel ·
    Guest

    Personal opinion as a BB user - STRICT for everything out of the box scares me a lot, since it forces strict on my mission apps, etc (it's also possibly why the master pipeline failed, if fortify was not ready for strict mtls :wink:). I would greatly prefer PERMISSIVE default, but ability to switch to STRICT when I'm ready.

  • Please register or sign in to reply
Please register or sign in to reply

UNCLASSIFIED - NO CUI