Skip to content

Commit 87e16b1

Browse files
JSticklerJStickler
authored
Merge pull request #27458 from neal-timpe/ossmdoc-150
OSSMDOC-150
2 parents 483e879 + 979e412 commit 87e16b1

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

service_mesh/v2x/upgrading-ossm.adoc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -201,7 +201,7 @@ Built-in WASM filters included in the upstream Istio distribution are not availa
201201
[id="ossm-upgrading-mig-mtls_{context}"]
202202
=== Mutual TLS changes
203203

204-
The mTLS feature only considers PeerAuthentication policies that affect an entire namespace or the entire mesh. There is no selector. When using mTLS with workload specific PeerAuthentication policies, a corresponding DestinationRule is required to allow traffic if the workload policy differs from the namespace/global policy.
204+
When using mTLS with workload specific PeerAuthentication policies, a corresponding DestinationRule is required to allow traffic if the workload policy differs from the namespace/global policy.
205205

206206
Auto mTLS is enabled by default, but can be disabled by setting `spec.security.dataPlane.automtls` to false in the `ServiceMeshControlPlane` resource. When disabling auto mTLS, DestinationRules may be required for proper communication between services. For example, setting PeerAuthentication to `STRICT` for one namespace may prevent services in other namespaces from accessing them, unless a DestinationRule configures TLS mode for the services in the namespace.
207207

0 commit comments

Comments
 (0)