delgod
commented
5 years ago @slenky, have you tried a recommendation from Istio FAQ?
related issue - https://github.com/istio/istio/issues/10062
Open slenky opened 5 years ago
delgod
commented
5 years ago @slenky, have you tried a recommendation from Istio FAQ?
related issue - https://github.com/istio/istio/issues/10062
zeph
commented
5 years ago @delgod I got a 404 at that FAQ address
delgod
commented
5 years ago @zeph new link to Istio Documentation - https://istio.io/faq/security/#mysql-with-mtls
zeph
commented
5 years ago @delgod wrong syntax... can you correct it? (just the first line)
cat <<EOF | kubectl apply -f - of...
cat <<EOF | kubectl apply -f -
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
name: mysql-mtls-authn
spec:
targets:
- name: mysql-service
peers:
- mtls:
mode: STRICT
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: mysql-mtls-dr
spec:
host: "mysql-service"
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
EOF@zeph feel free to contribute https://github.com/istio/istio.io/blob/master/content/faq/security/mysql-with-mtls.md
Hello,
I am using your operator on cluster with Istio's Service Mesh. Unfortunately, when mysql Pods and Services has "mysql" as port name, connection stops working; it is a known Istio's behavior, I just need to rename it to "tcp" or something else instead of "mysql" . Please, add this option to Mysql CRD :)
Regards, Bohdan