Navigation :

ClientTlsPolicy

Proto: client_tls_policy.proto

Package: security.policy.gloo.solo.io

Types:

ClientTLSPolicySpec
ClientTLSPolicySpec.Disable
ClientTLSPolicySpec.IstioMutual
ClientTLSPolicySpec.Mutual
ClientTLSPolicySpec.Simple
ClientTLSPolicyStatus
ClientTLSPolicyStatus.WorkspacesEntry
TLSConfig

ClientTLSPolicySpec

ClientTLSPolicy explicitly controls the TLS/mTLS configuration for upstream connections

Field	Description
`applyToDestinations`	(`repeated common.gloo.solo.io.DestinationSelector`)
`disable`	(`ClientTLSPolicySpec.Disable`)
`simple`	(`ClientTLSPolicySpec.Simple`)
`mutual`	(`ClientTLSPolicySpec.Mutual`)
`istioMutual`	(`ClientTLSPolicySpec.IstioMutual`)

ClientTLSPolicySpec.Disable

Explicitly do not establish a TLS connection to the destination

ClientTLSPolicySpec.IstioMutual

Initiate a mutual TLS connection using the Istio provided certificates. This is useful if a more broad policy/configuration has disabled Istio mTLS but you need it enabled for a specific destination.

ClientTLSPolicySpec.Mutual

Initiate a mutual TLS connection and present client certificates via the provided credential/secret. This is separate from any TLS/mTLS provided by Istio.

Field	Description
`config`	(`TLSConfig`)

ClientTLSPolicySpec.Simple

Initiate a basic TLS connection, and possibly verify the server certificate if provided a CA via credential/secret. This is separate from any TLS/mTLS provided by Istio.

Field	Description
`config`	(`TLSConfig`)

ClientTLSPolicyStatus

Field	Description
`global`	(`common.gloo.solo.io.GenericGlobalStatus`)
`workspaces`	(`repeated ClientTLSPolicyStatus.WorkspacesEntry`) The status of the resource in each workspace that it exists in
`selectedDestinationPorts`	(`repeated common.gloo.solo.io.DestinationReference`) Destination ports selected by the policy

ClientTLSPolicyStatus.WorkspacesEntry

Field	Description
`key`	(`string`)
`value`	(`common.gloo.solo.io.WorkspaceStatus`)

TLSConfig

Field Description

sni (google.protobuf.StringValue)

SNI string to present to the server during TLS handshake. Recommended to be set, however if omitted, the first hostname associated with the destination will be used

credentialName (string)

The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type generic) should contain the following keys and values: key: , cert: , cacert: . Here CACertificate is used to verify the server certificate. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. see: https://istio.io/latest/docs/reference/config/networking/destination-rule/#ClientTLSSettings

Field	Description
`sni`	(`google.protobuf.StringValue`) SNI string to present to the server during TLS handshake. Recommended to be set, however if omitted, the first hostname associated with the destination will be used
`credentialName`	(`string`) The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type generic) should contain the following keys and values: key: , cert: , cacert: . Here CACertificate is used to verify the server certificate. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. see: https://istio.io/latest/docs/reference/config/networking/destination-rule/#ClientTLSSettings