incfly · March 23, 2020 20:08
diff --git a/automtls-sample.yaml b/automtls-sample.yaml
 dynamic_active_clusters:
 - name: "outbound||httpbin.svc.default.cluster.local"
  transportSocketMatches:
  - name: "istioMtls"
    match:
      tlsLabel: "istio-mutual" # could also be other 
      transport_socket:
        # sample tls config on client side.
        # same as today's setup, use file path just as an e.g. The SDS will be similiar.
        common_tls_context:
          key: /etc/cert/key.pem
          cert: /etc/cert/cert.pem
          root: /etc/cert/root.pem
        validated_san_list: [ "spiffe://cluster.local/ns/default/sa/foo"]
    # plaintext config. the empty match always match all the endpoint.
  - name: "default-plaintext"
    match: {}
	dynamic_active_clusters:
	- name: "outbound\|\|httpbin.svc.default.cluster.local"
	transportSocketMatches:
	- name: "istioMtls"
	match:
	tlsLabel: "istio-mutual" # could also be other
	transport_socket:
	# sample tls config on client side.
	# same as today's setup, use file path just as an e.g. The SDS will be similiar.
	common_tls_context:
	key: /etc/cert/key.pem
	cert: /etc/cert/cert.pem
	root: /etc/cert/root.pem
	validated_san_list: [ "spiffe://cluster.local/ns/default/sa/foo"]
	# plaintext config. the empty match always match all the endpoint.
	- name: "default-plaintext"
	match: {}