To enable STRICT mTLS at the namespace level, we can use Policy instead of MeshPolicy and define the namespace that it will be applied to. Let's get started:
- Define mTLS for the istio-lab namespace:
# Script : 07-create-mtls-for-istio-lab-namespace.yaml
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: default
  namespace: istio-lab
spec:
  peers:
  - mtls: {}
- Apply the mTLS security policy at the namespace level:
$ kubectl -n istio-lab apply -f 07-create-mtls-for-istio-lab-namespace.yaml
policy.authentication.istio.io/default created
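For contrast with the policy applied above, the following added example (not part of the original text) shows the weaker PERMISSIVE variant next to the explicit STRICT form, followed by a client-side DestinationRule for the same namespace. The DestinationRule name and the premise that automatic mTLS is not enabled in the mesh are assumptions.

```yaml
# Added example; not from the original text.
#
# Weak variant, shown for comparison only: PERMISSIVE accepts both plaintext
# and mutual TLS, so workloads without a sidecar identity can still connect.
#   spec:
#     peers:
#     - mtls:
#         mode: PERMISSIVE
#
# Strict variant. "mtls: {}" in the policy above is equivalent to this
# explicit form, because STRICT is the default mode.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: default          # a namespace-wide Policy must be named "default"
  namespace: istio-lab
spec:
  peers:
  - mtls:
      mode: STRICT
---
# The Policy only controls what the server-side sidecars accept.
# Assumption: automatic mTLS is not enabled, so client sidecars need a
# DestinationRule telling them to originate mutual TLS; otherwise they
# keep sending plaintext, which the STRICT policy rejects.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: default          # assumed name for this example
  namespace: istio-lab
spec:
  host: "*.istio-lab.svc.cluster.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
```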
Next, we will verify the TLS configuration.