diff --git a/resources/nats/templates/destination-rule.yaml b/resources/nats/templates/destination-rule.yaml
index 11a42334..a493266d 100644
--- a/resources/nats/templates/destination-rule.yaml
+++ b/resources/nats/templates/destination-rule.yaml
@@ -14,5 +14,5 @@ spec:
 host: {{ include "nats.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
 trafficPolicy:
 tls:
- mode: DISABLE
+ mode: ISTIO_MUTUAL
 {{- end }}
diff --git a/resources/nats/templates/peer-authentication.yaml b/resources/nats/templates/peer-authentication.yaml
new file mode 100644
index 00000000..e22f4935
--- /dev/null
+++ b/resources/nats/templates/peer-authentication.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.istio.enabled }}
+apiVersion: security.istio.io/v1
+kind: PeerAuthentication
+metadata:
+ name: {{ include "nats.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "nats.labels" . | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml .Values.commonAnnotations | nindent 4 }}
+ {{- end }}
+spec:
+ mtls:
+ mode: STRICT
+ selector:
+ matchLabels:
+ {{- include "nats.selectorLabels" . | nindent 4 }}
+ {{- end }}
\ No newline at end of file
diff --git a/resources/nats/values.yaml b/resources/nats/values.yaml
index c78c2ddf..34f7cc06 100644
--- a/resources/nats/values.yaml
+++ b/resources/nats/values.yaml
@@ -292,7 +292,7 @@ affinity:
 # Annotations to add to the NATS pods
 # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
 podAnnotations: {
- sidecar.istio.io/inject: "false"
+ sidecar.istio.io/inject: "true"
 }
 # Annotations to add to the NATS StatefulSet
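Review bot: Setting `tls.mode` to `ISTIO_MUTUAL` makes every mesh client originate mTLS to this host as soon as the rule is applied, so during an upgrade any NATS pod not yet recreated with a sidecar will presumably receive TLS it cannot terminate. The rollout order should be documented, for example with a template comment like `# requires sidecar injection on all NATS pods; see podAnnotations in values.yaml`. The `{{- end }}` closes a conditional opened above the hunk; confirm it is the same `.Values.istio.enabled` guard the new PeerAuthentication uses, so the client-side rule and the server-side policy always render together.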
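Review bot: The selector labels in peer-authentication.yaml are emitted with `nindent 4`, but `matchLabels` sits under `spec.selector`, so with the usual two-space indent (not recoverable from this view) its entries need `{{- include "nats.selectorLabels" . | nindent 6 }}`. At four spaces the labels would render as siblings of `matchLabels` rather than its children; the manifest is then either rejected or left with an empty selector, and an empty selector would make this STRICT policy apply to the whole namespace instead of only NATS. Rendering with `helm template` and checking `spec.selector` would confirm this. Separately, STRICT covers every port of the selected pods, so any metrics or monitoring port scraped from outside the mesh may need a `portLevelMtls` exception.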
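Review bot: The injection annotation in values.yaml is a free-standing default, while the STRICT PeerAuthentication and the `ISTIO_MUTUAL` DestinationRule are gated on `.Values.istio.enabled`, so the two settings can drift apart. If an override sets injection back to `"false"` while `istio.enabled` stays true, there is no sidecar to enforce the policy: NATS would accept plaintext from non-mesh clients while mesh clients likely fail to connect. A comment above the key would make the dependency explicit: `# must remain "true" while istio.enabled is true (STRICT mTLS and ISTIO_MUTUAL depend on the sidecar)`. Only part of the surrounding values block is visible in this hunk.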