Consul
Enable permissive mTLS mode
Depending on the services you are onboarding, you may not need to enable permissive mTLS mode. If the service does not accept incoming traffic or accepts traffic from downstream services that are already part of the service mesh, then permissive mTLS mode is not required to continue.
To enable permissive mTLS mode for the service, set MutualTLSMode=permissive
in the service defaults configuration entry for the service. The following example shows how to configure this setting for a service named example-service
.
Enable permissive mTLS for applicable services
Kind = "service-defaults"
Name = "example-service"
MutualTLSMode = "permissive"
Refer to the service defaults configuration reference for information about all settings.
You can change this setting back to strict
at any time to ensure mTLS is required for incoming traffic to this service.