Open stongo opened 1 month ago
Triage: thanks for the feedback. We should improve the docs.
In the meantime to answer your questions. 1) Application should use HTTP, mTLS is transparent from application point of view 2) You can use existing Kube hostnames, however you need
.mesh
for cross-zone communication 3) for validation, you can curl mTLSed pod from the pod outside of the mesh to double check that it's protected
Description
After following Kuma getting starting guide and mTLS documentation, I'm still left asking ... "how do I validate and use this?"
For example, should application use
https
orhttp
when addressing svcs in the cluster after mTLS is enabled.Can the default svc address be used or does it have to be the kuma proxy address i.e.
foo:2345
vsfoo_svc_2345.mesh:80
I have followed all the mTLS guides to the end, but am still unsure if I'm using it correctly. An example curl command would be fantastic and some follow up for absolute beginners would be fab.
Thanks!