ClientTlsPolicy
ClientTlsPolicy API reference.
Proto: client_tls_policy.proto
Package: security.policy.gloo.solo.io
ClientTLSPolicyReport
Field | Description |
---|---|
workspaces | (repeated ClientTLSPolicyReport.WorkspacesEntry) The status of the resource in each workspace that it exists in. |
selectedDestinationPorts | (repeated common.gloo.solo.io.DestinationReference) A list of destination ports selected by the policy. |
ClientTLSPolicyReport.WorkspacesEntry
Field | Description |
---|---|
key | (string) |
value | (common.gloo.solo.io.Report) |
ClientTLSPolicySpec
ClientTLSPolicy explicitly controls the TLS/mTLS configuration for upstream connections.
Field | Description |
---|---|
applyToDestinations | (repeated common.gloo.solo.io.DestinationSelector) |
disable | (ClientTLSPolicySpec.Disable) |
simple | (ClientTLSPolicySpec.Simple) |
mutual | (ClientTLSPolicySpec.Mutual) |
istioMutual | (ClientTLSPolicySpec.IstioMutual) |
ClientTLSPolicySpec.Disable
Explicitly do not establish a TLS connection to the destination.
ClientTLSPolicySpec.IstioMutual
Initiate a mutual TLS connection using the Istio-provided certificates. This is useful if a broader policy or configuration has disabled Istio mTLS but you need it enabled for a specific destination.
ClientTLSPolicySpec.Mutual
Initiate a mutual TLS connection and present client certificates via the provided credential/secret. This is separate from any TLS/mTLS provided by Istio.
Field | Description |
---|---|
config | (TLSConfig) |
ClientTLSPolicySpec.Simple
Initiate a basic TLS connection, and possibly verify the server certificate if a CA is provided via credential/secret. This is separate from any TLS/mTLS provided by Istio.
Field | Description |
---|---|
config | (TLSConfig) |
ClientTLSPolicyStatus
Field | Description |
---|---|
common | (common.gloo.solo.io.Status) The state and workspace conditions of the applied resource. |
numSelectedDestinationPorts | (uint32) The number of destination ports selected by the policy. |
TLSConfig
Field | Description |
---|---|
sni | (google.protobuf.StringValue) SNI string to present to the server during the TLS handshake. Setting it is recommended; if omitted, the first hostname associated with the destination is used. |
credentialName | (string) The name of the secret that holds the TLS certs for the client, including the CA certificates. The secret must exist in the same namespace as the proxy that uses the certificates. The secret (of type generic) should contain the following keys and values: key: |
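
The following is an added example, not part of the Gloo reference or the project's code: a small Python check over a parsed ClientTLSPolicySpec that flags the security-relevant cases described above (disable, simple without a CA, mutual without a credential, omitted sni). The severity labels, the sample specs, and the treatment of the four modes as mutually exclusive are assumptions of the example.

```python
# Added example: lint a ClientTLSPolicySpec (as a parsed dict) using only the
# fields documented on this page. Severities and wording are this example's own.
MODES = ("disable", "simple", "mutual", "istioMutual")

def lint_client_tls_spec(spec):
    """Return a list of (severity, message) findings for one policy spec."""
    findings = []
    present = [m for m in MODES if m in spec]
    if not present:
        return [("info", "no TLS mode set (disable/simple/mutual/istioMutual)")]
    if len(present) > 1:
        # Assumption: the four modes are alternatives, so only one should be set.
        findings.append(("error", "multiple TLS modes set: " + ", ".join(present)))
    for mode in present:
        if mode == "disable":
            findings.append(("high", "disable: no TLS connection to the destination"))
            continue
        if mode == "istioMutual":
            continue  # uses Istio-provided certificates; takes no TLSConfig
        config = (spec[mode] or {}).get("config") or {}
        if not config.get("credentialName"):
            if mode == "simple":
                findings.append(("high", "simple: no credentialName, so no CA is "
                                 "provided to verify the server certificate"))
            else:
                findings.append(("error", "mutual: no credentialName, so there is "
                                 "no client certificate to present"))
        if not config.get("sni"):
            findings.append(("low", f"{mode}: sni omitted; the first hostname of "
                             "the destination will be used"))
    return findings

# Constructed sample specs (hostnames and secret names are made up).
SAMPLES = {
    "plaintext": {"disable": {}},
    "unverified": {"simple": {"config": {"sni": "db.example.internal"}}},
    "mutual_ok": {"mutual": {"config": {"sni": "db.example.internal",
                                         "credentialName": "db-client-certs"}}},
}

if __name__ == "__main__":
    for name, spec in SAMPLES.items():
        for severity, message in lint_client_tls_spec(spec) or [("ok", "no findings")]:
            print(f"{name}: [{severity}] {message}")
```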