Enabling strict mTLS across the mesh does not enable strict mode #28869

Which section(s) is the issue in?

Enabling strict mTLS across the mesh
https://docs.openshift.com/container-platform/4.6/service_mesh/v2x/ossm-security.html#ossm-security-enabling-strict-mtls_ossm-security

The docs says "Enabling strict mTLS" by setting spec.security.controlPlane.mtls to true in your ServiceMeshControlPlane resource. But it enables permissive mode not strict mode.

What needs fixing?

Edit PeerAuthentication in the namespace where SMCP is deployed.

apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: default
namespace: <NAMESPACE where SMCP is deployed>
spec:
mtls:
mode: STRICT

duplicates

OSSM-2984 Expand mtls documentation

Closed

links to

openshift/openshift-docs#28869: Enabling strict mTLS across the mesh does not enable strict mode

Assignee:: Julie Stickler (Inactive)

Reporter:: Julie Stickler (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2021/03/25 3:19 PM

Updated:: 2023/01/17 10:06 PM

Resolved:: 2022/01/20 6:19 PM

Details

Description

Enabling strict mTLS across the mesh does not enable strict mode #28869

Which section(s) is the issue in?

What needs fixing?

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates