Skip to content

Commit 53527f3

Browse files
kinolaevkinolaev
authored
feat: add tls.caCertCredentialName (#16732)
Signed-off-by: Sergei Nikolaev <[email protected]>
1 parent f8fc912 commit 53527f3

File tree

1 file changed

+1
-0
lines changed
  • content/en/docs/tasks/traffic-management/ingress/secure-ingress

1 file changed

+1
-0
lines changed

content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -627,6 +627,7 @@ Istio supports reading a few different Secret formats, to support integration wi
627627
* A TLS Secret with keys `tls.key` and `tls.crt`, as described above. For mutual TLS, a separate generic Secret named `<secret>-cacert`, with a `cacert` key. For example, `httpbin-credential` has `tls.key` and `tls.crt`, and `httpbin-credential-cacert` has `cacert`.
628628
* A generic Secret with keys `key` and `cert`. For mutual TLS, a `cacert` key can be used.
629629
* A generic Secret with keys `key` and `cert`. For mutual TLS, a separate generic Secret named `<secret>-cacert`, with a `cacert` key. For example, `httpbin-credential` has `key` and `cert`, and `httpbin-credential-cacert` has `cacert`.
630+
* For mutual TLS, a separate generic Secret with a `cacert` or `ca.crt` key can be referenced with `caCertCredentialName`. It takes precedence over CA certificates in the Secret referenced with `credentialName(s)`.
630631
* The `cacert` key value can be a CA bundle consisting of concatenated individual CA certificates.
631632

632633
### SNI Routing

0 commit comments

Comments
 (0)