[Solved] You applied this PeerAuthentication config but your service still accepts plain HTTP traffic:apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace:... | Kubernetes

Kubernetes - Service Mesh

You applied this PeerAuthentication config but your service still accepts plain HTTP traffic:

apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: test
spec:
  mtls:
    mode: STRICT

What is the most likely reason?

AThe service is in a different namespace than 'test'

BPeerAuthentication resource is missing the selector field

CSTRICT mode allows plain HTTP by default

DmTLS is disabled globally in Istio

Step-by-Step Solution

Solution:

Step 1: Check namespace scope
PeerAuthentication applies only to the specified namespace 'test'. If the service is outside, it won't be affected.
Step 2: Understand effect on service
If the service is in another namespace, it won't enforce STRICT mode and may accept plain HTTP.
Final Answer:
The service is in a different namespace than 'test' -> Option A
Quick Check:
Namespace mismatch causes no mTLS enforcement [OK]

Quick Trick: PeerAuthentication applies per namespace only [OK]

Common Mistakes:

Master "Service Mesh" in Kubernetes

9 interactive learning modes - each teaches the same concept differently

More Kubernetes Quizzes

You applied this PeerAuthentication config but your service still accepts plain HTTP traffic: