Install Mutual TLS (mTLS) Capability

This topic tells you how to install the mutual TLS (mTLS) Capability on Tanzu Platform for Kubernetes.

Service

To install the mTLS Capability:

  1. Install the Gateway API and Certificate Manager Capabilities which are prerequisite for Ingress. For how to install a Capability, see Install Capabilities on your Kubernetes cluster.

  2. Install the Ingress Capability with Vault/SelfSigned CA integration. To integrate a third-party CA, see CA integration for Mutual TLS & Ingress Capabilities for Vault CA integration.

  3. Install the mTLS Capability.

    By default mTLS Capability sets PeerAuthentication mode to STRICT.

    Note

    Capabilities, such as Spring Cloud Gateway, that need communication between the Capability service and Space service must be deployed after the mTLS Capability is installed.

check-circle-line exclamation-circle-line close-line
Scroll to top icon