---
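title: Istio PeerAuthentication Strict mTLS and DestinationRule ISTIO_MUTUAL in Practice
keywords: PeerAuthentication, STRICT, ISTIO_MUTUAL, DestinationRule, mtls
description: Use PeerAuthentication to force workloads to enable mTLS, and combine it with a DestinationRule that sets ISTIO_MUTUAL on the client side, to ensure zero-trust communication between services.
categories:
- Articles and News
- Technical Tutorials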
---
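Enforce mTLS (for a specific workload within the namespace):

```yaml
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: api-mtls-strict
  namespace: default
spec:
  # Applies only to workloads labelled app=api in this namespace
  selector:
    matchLabels:
      app: api
  mtls:
    # STRICT: the sidecar accepts only mutual TLS traffic
    mode: STRICT
```
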
Client-side TLS (DestinationRule):

```yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: api-dr
  namespace: default
spec:
  host: api.default.svc.cluster.local
  trafficPolicy:
    tls:
      # ISTIO_MUTUAL: the client sidecar uses Istio-issued workload certificates
      mode: ISTIO_MUTUAL
```
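
The two resources only work as a pair when the client-side mode agrees with the server-side policy. The following check is an added example, not part of the original page or of Istio: it compares DestinationRule TLS modes against the effective PeerAuthentication mode. The manifests are held as constructed dicts, `HOST_LABELS` is an assumed stand-in for the Service selector, `BAD_DR` is hypothetical, and mesh-wide and port-level policies are ignored.

```python
# Added example (not from the original page). Manifests below are constructed
# samples held as dicts so the check runs offline without a YAML parser.

def server_mode(labels, namespace, peer_auths):
    """Effective mTLS mode for a workload: workload selector beats namespace-wide."""
    ns_wide = None
    for pa in peer_auths:
        mode = pa["spec"].get("mtls", {}).get("mode")
        if pa["metadata"]["namespace"] != namespace or mode in (None, "UNSET"):
            continue
        match = pa["spec"].get("selector", {}).get("matchLabels")
        if match is None:
            ns_wide = mode
        elif all(labels.get(k) == v for k, v in match.items()):
            return mode
    return ns_wide or "PERMISSIVE"  # Istio's default when no policy applies


def check(dest_rules, peer_auths, host_labels):
    """Return (rule name, problem) for client/server TLS settings that disagree."""
    findings = []
    for dr in dest_rules:
        host = dr["spec"]["host"]
        namespace = host.split(".")[1]  # assumes <svc>.<ns>.svc.cluster.local
        client = dr["spec"].get("trafficPolicy", {}).get("tls", {}).get("mode")
        server = server_mode(host_labels[host], namespace, peer_auths)
        if server == "STRICT" and client in ("DISABLE", "SIMPLE"):
            findings.append((dr["metadata"]["name"],
                             f"client {client} will be rejected by STRICT server"))
        elif server != "STRICT" and client == "ISTIO_MUTUAL":
            findings.append((dr["metadata"]["name"],
                             f"server is {server}, plaintext peers are not rejected"))
    return findings


PA = {"metadata": {"name": "api-mtls-strict", "namespace": "default"},
      "spec": {"selector": {"matchLabels": {"app": "api"}}, "mtls": {"mode": "STRICT"}}}
DR = {"metadata": {"name": "api-dr", "namespace": "default"},
      "spec": {"host": "api.default.svc.cluster.local",
               "trafficPolicy": {"tls": {"mode": "ISTIO_MUTUAL"}}}}
# Hypothetical misconfigured rule, constructed to show the failure case.
BAD_DR = {"metadata": {"name": "api-dr-plaintext", "namespace": "default"},
          "spec": {"host": "api.default.svc.cluster.local",
                   "trafficPolicy": {"tls": {"mode": "DISABLE"}}}}
# Assumed host-to-pod-label mapping, standing in for the Service selector.
HOST_LABELS = {"api.default.svc.cluster.local": {"app": "api"}}

if __name__ == "__main__":
    print(check([DR, BAD_DR], [PA], HOST_LABELS))
```

The page's own pair produces no findings; removing the PeerAuthentication leaves the server at the PERMISSIVE default, which the check reports because plaintext clients would still be accepted.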
