Hello!
I have Istio 1.0.5 on EKS.
I have enabled mTLS for the ingress gateway and globally within the mesh. But I would like to disable mTLS globally (service to service) and just keep mTLS enabled for traffic coming into the mesh from outside via the ingress gateway.
This configuration doesn't seem to work for me. Maybe I am not doing something right.
    global:
      controlPlaneSecurityEnabled: true
      mtls:
        enabled: false
This is what my gateway YAML looks like:
    apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: apigateway
    spec:
      selector:
        istio: ingressgateway # use istio default ingress gateway
      servers:
      - port:
          number: 80
          name: http
          protocol: HTTP
        tls:
          httpsRedirect: true
        hosts:
        - "*"
      - port:
          number: 443
          name: https
          protocol: HTTPS
        tls:
          mode: MUTUAL
          serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
          privateKey: /etc/istio/ingressgateway-certs/tls.key
          caCertificates: /etc/istio/ingressgateway-ca-certs/ca-chain.cert.pem
        hosts:
        - "*"