This topic describes how to install the Mutual TLS (mTLS) Capability.
To install the mTLS Capability:
Install the Gateway API and Certificate Manager Capabilities which are prerequisite for Ingress. For how to install a Capability, see Install Capabilities on your Kubernetes cluster.
Install the Ingress Capability with Vault/SelfSigned CA integration. To integrate a third-party CA, see CA integration for Mutual TLS & Ingress Capabilities for Vault CA integration.
Install the mTLS Capability.
By default mTLS Capability sets PeerAuthentication mode to STRICT
.
NoteCapabilities, such as Spring Cloud Gateway, that need communication between the Capability service and Space service must be deployed after the mTLS Capability is installed.