Consul supports strict mTLS?

darkn3rd · October 6, 2022, 11:39pm

How can I require strict mTLS, so that services outside of the mesh cannot communicate with mesh members? Is ACLs absolutely required?

I deployed a service mesh with these values, and I had hope the TLS configuration would be enough to get this behavior?

global:
  name: consul
  datacenter: dc1
  tls:
    enabled: true
    enableAutoEncrypt: true
    verify: true
server:
  securityContext:
    runAsNonRoot: false
    runAsUser: 0
connectInject:
  enabled: true
controller:
  enabled: true
ui:
  enabled: true

Topic		Replies	Views
How do you do strict tls or deny traffic from non-mesh members? Consul k8s , connect	0	226	October 6, 2022
ACLs required to use Consul Connect? Consul k8s , connect	0	315	September 30, 2022
External Consul Clients - Kubernetes Servers - TLS and ACL Enabled Consul	1	278	September 1, 2020
Consul k8s service mesh security Consul service-mesh	2	530	April 18, 2021
Disabling mTLS in sidecar proxy Consul k8s , connect	3	1358	December 7, 2021

Consul supports strict mTLS?

Related topics