kumahq / kuma-website

🐻 The official website for Kuma, the control plane for modern service connectivity.
https://kuma.io
Apache License 2.0

mTLS validation steps in documentation #1802

Open stongo opened 1 month ago

stongo commented 1 month ago

Description

After following the Kuma getting started guide and mTLS documentation, I'm still left asking ... "how do I validate and use this?"

For example, should the application use https or http when addressing svcs in the cluster after mTLS is enabled?

Can the default svc address be used, or does it have to be the kuma proxy address, i.e. foo:2345 vs foo_svc_2345.mesh:80?

I have followed all the mTLS guides to the end, but am still unsure if I'm using it correctly. An example curl command would be fantastic, and some follow-up for absolute beginners would be fab.

Thanks!

jakubdyszkiewicz commented 1 month ago

Triage: thanks for the feedback. We should improve the docs.

In the meantime, to answer your questions:

1) The application should use HTTP; mTLS is transparent from the application's point of view.
2) You can use existing Kube hostnames; however, you need .mesh for cross-zone communication.
3) For validation, you can curl the mTLSed pod from a pod outside of the mesh to double-check that it's protected.
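
One way to script the check described in the reply above, as an added example that is not part of the original thread or the Kuma documentation. The namespaces, the client pod name and the target URL are assumptions, as is the reading of curl exit codes 52 and 56 as "the sidecar dropped the plaintext connection".

```shell
#!/bin/sh
# Added example. All names are assumptions, override them via the environment:
#   MESH_NS    namespace with Kuma sidecar injection and mTLS enabled
#   OUTSIDE_NS namespace without sidecar injection
#   CLIENT     a pod name present in both namespaces, with curl installed
#   TARGET     the service under test (foo:2345 from the question above)
MESH_NS="${MESH_NS:-kuma-demo}"
OUTSIDE_NS="${OUTSIDE_NS:-outside-mesh}"
CLIENT="${CLIENT:-client}"
TARGET="${TARGET:-http://foo.${MESH_NS}.svc:2345/}"

# Send a plain-HTTP request from the client pod in namespace $1 and
# echo curl's exit code (kubectl exec passes the remote exit code through).
probe() {
  _rc=0
  kubectl exec -n "$1" "$CLIENT" -- \
    curl -s -o /dev/null --max-time 5 "$TARGET" >/dev/null 2>&1 || _rc=$?
  echo "$_rc"
}

# Turn (vantage point, curl exit code) into a verdict.
# A DNS, connect or timeout error from outside proves nothing about mTLS,
# so those codes are reported as inconclusive rather than as a pass.
verdict() {
  case "$1:$2" in
    inside:0)  echo "ok: mesh client reached the service over plain HTTP" ;;
    inside:*)  echo "fail: mesh client could not reach the service" ;;
    outside:0) echo "fail: plaintext accepted from outside the mesh" ;;
    outside:52|outside:56)
               echo "ok: connection dropped, plaintext rejected" ;;
    outside:6|outside:7|outside:28)
               echo "inconclusive: DNS, connect or timeout error" ;;
    outside:*) echo "inconclusive: unexpected curl exit code $2" ;;
    *)         echo "usage: verdict <inside|outside> <code>"; return 2 ;;
  esac
}

main() {
  echo "inside  -> $(verdict inside  "$(probe "$MESH_NS")")"
  echo "outside -> $(verdict outside "$(probe "$OUTSIDE_NS")")"
}

# Only touch the cluster when asked to: ./check-mtls.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Both probes use `http://`, matching point 1 of the reply: the application never speaks TLS itself, so the only difference between the two runs is whether the client pod has a sidecar.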