| # No caCertificates when mode is simple at destination level |
| apiVersion: networking.istio.io/v1alpha3 |
| kind: DestinationRule |
| metadata: |
| name: db-mtls |
| spec: |
| host: mydbserver.prod.svc.cluster.local |
| trafficPolicy: |
| tls: |
| mode: MUTUAL |
| clientCertificate: /etc/certs/myclientcert.pem |
| privateKey: /etc/certs/client_private_key.pem |
| portLevelSettings: |
| - port: |
| number: 443 |
| tls: |
| mode: SIMPLE |
| clientCertificate: /etc/certs/myclientcert.pem |
| privateKey: /etc/certs/client_private_key.pem |
| sni: my-nginx.mesh-external.svc.cluster.local |
| |