ClientTlsPolicy
Proto: client_tls_policy.proto
Package: security.policy.gloo.solo.io
Types:
- ClientTLSPolicySpec
- ClientTLSPolicySpec.Disable
- ClientTLSPolicySpec.IstioMutual
- ClientTLSPolicySpec.Mutual
- ClientTLSPolicySpec.Simple
- ClientTLSPolicyStatus
- ClientTLSPolicyStatus.WorkspacesEntry
- TLSConfig
ClientTLSPolicySpec
ClientTLSPolicy explicitly controls the TLS/mTLS configuration for upstream connections.
Field | Description |
---|---|
applyToDestinations | (repeated common.gloo.solo.io.DestinationSelector) |
disable | (ClientTLSPolicySpec.Disable) |
simple | (ClientTLSPolicySpec.Simple) |
mutual | (ClientTLSPolicySpec.Mutual) |
istioMutual | (ClientTLSPolicySpec.IstioMutual) |
ClientTLSPolicySpec.Disable
Explicitly do not establish a TLS connection to the destination.
ClientTLSPolicySpec.IstioMutual
Initiate a mutual TLS connection using the Istio-provided certificates. This is useful if a broader policy or configuration has disabled Istio mTLS but you need it enabled for a specific destination.
ClientTLSPolicySpec.Mutual
Initiate a mutual TLS connection and present client certificates via the provided credential/secret. This is separate from any TLS/mTLS provided by Istio.
Field | Description |
---|---|
config | (TLSConfig) |
ClientTLSPolicySpec.Simple
Initiate a basic TLS connection and, if a CA is provided via credential/secret, possibly verify the server certificate. This is separate from any TLS/mTLS provided by Istio.
Field | Description |
---|---|
config | (TLSConfig) |
ClientTLSPolicyStatus
Field | Description |
---|---|
global | (common.gloo.solo.io.GenericGlobalStatus) |
workspaces | (repeated ClientTLSPolicyStatus.WorkspacesEntry) The status of the resource in each workspace that it exists in. |
selectedDestinationPorts | (repeated common.gloo.solo.io.DestinationReference) Destination ports selected by the policy. |
ClientTLSPolicyStatus.WorkspacesEntry
Field | Description |
---|---|
key | (string) |
value | (common.gloo.solo.io.WorkspaceStatus) |
TLSConfig
Field | Description |
---|---|
sni | (google.protobuf.StringValue) SNI string to present to the server during the TLS handshake. Setting it is recommended; if omitted, the first hostname associated with the destination is used. |
credentialName | (string) The name of the secret that holds the TLS certs for the client, including the CA certificates. The secret must exist in the same namespace as the proxy using the certificates. The secret (of type generic) should contain the following keys and values: key: |
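The following is an added example, not part of the Gloo reference or project code: a small audit over ClientTLSPolicySpec objects that flags the weaker settings described above (disable, simple without a credentialName, an omitted sni). It assumes each spec has already been parsed into a Python dict; the severity labels, messages and sample specs are constructed, and treating the four modes as alternatives is an assumption.

```python
# Added example: audit parsed ClientTLSPolicySpec dicts for weak upstream TLS settings.
# Field names come from the reference above; severities and messages are constructed.
MODES = ("disable", "simple", "mutual", "istioMutual")

def audit_client_tls_spec(spec):
    """Return a list of (severity, message) findings for one spec dict."""
    set_modes = [m for m in MODES if spec.get(m) is not None]
    if not set_modes:
        return [("info", "no TLS mode set in this policy")]
    findings = []
    if len(set_modes) > 1:
        # Assumption: modes are alternatives; the page does not say how several resolve.
        findings.append(("warn", "multiple modes set: " + ", ".join(set_modes)))
    if "disable" in set_modes:
        findings.append(("high", "disable: no TLS connection to the destination"))
    for mode in ("simple", "mutual"):
        if mode not in set_modes:
            continue
        config = (spec[mode] or {}).get("config") or {}
        if not config.get("credentialName") and mode == "mutual":
            findings.append(("high", "mutual: no credentialName for client certificates"))
        elif not config.get("credentialName"):
            # Per the page, the server certificate is verified only if a CA is provided.
            findings.append(("warn", "simple: no credentialName, so no CA for verification"))
        if not config.get("sni"):
            findings.append(("info", mode + ": sni omitted, first destination hostname is used"))
    return findings

# Constructed sample specs (hostnames and secret names are placeholders).
SAMPLE_SPECS = {
    "plaintext": {"disable": {}},
    "unverified": {"simple": {"config": {"sni": "db.example.com"}}},
    "with-ca": {"simple": {"config": {"sni": "db.example.com", "credentialName": "db-ca"}}},
    "mesh": {"istioMutual": {}},
}

def audit_all(specs):
    return {name: audit_client_tls_spec(spec) for name, spec in specs.items()}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_SPECS).items():
        print(name, findings or "ok")
```

The check only sees the policy spec: whether the referenced secret actually contains a CA has to be confirmed against the secret itself.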