mTLS authentication policies consist of two resource types, MeshPolicy and Policy; they are used to encrypt and authenticate traffic between services.
(1) MeshPolicy
MeshPolicy defines the global (mesh-wide) mTLS authentication policy; only one instance of this resource may exist. Example:
apiVersion: authentication.istio.io/v1alpha1
kind: MeshPolicy
metadata:
  name: default
spec:
  peers:
  - mtls: {}
(2) Policy
Policy configures the mTLS authentication policy for a namespace or for an individual service. The server side alone is not enough: the accompanying DestinationRule sets the client side to ISTIO_MUTUAL so that callers present a sidecar certificate instead of sending plaintext. Example:
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: service-go
spec:
  targets:
  - name: service-go
  peers:
  - mtls: {}
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: service-go
spec:
  host: "service-go.default.svc.cluster.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
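As an added example that is not part of the original text, the same pairing applied to a whole namespace rather than one service; the namespace name "default" is an assumption.

```yaml
# Added example (not from the original text): namespace-wide mTLS for the
# "default" namespace (assumed name). A namespace-wide Policy has no targets
# and must be named "default".
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: default
  namespace: default
spec:
  peers:
  - mtls:
      mode: STRICT   # reject plaintext; use PERMISSIVE while sidecars are still being rolled out
---
# Client side: every host in the namespace is called with mTLS, matching the
# server-side Policy above. Without this rule, callers send plaintext and
# STRICT mode rejects the connection.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: default
  namespace: default
spec:
  host: "*.default.svc.cluster.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
```

Keep the Policy mode and the DestinationRule mode consistent when rolling this out: a STRICT Policy with a DestinationRule still set to DISABLE (or no rule at all) shows up as failed calls between sidecars.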