{ "openapi": "3.0.0", "info": { "title": "Peer authentication configuration for workloads.", "version": "v1beta1" }, "components": { "schemas": { "istio.security.v1beta1.PeerAuthentication": { "description": "PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar.", "type": "object", "properties": { "selector": { "$ref": "#/components/schemas/istio.type.v1beta1.WorkloadSelector" }, "mtls": { "$ref": "#/components/schemas/istio.security.v1beta1.PeerAuthentication.MutualTLS" }, "portLevelMtls": { "description": "Port specific mutual TLS settings.", "type": "object", "additionalProperties": { "$ref": "#/components/schemas/istio.security.v1beta1.PeerAuthentication.MutualTLS" } } } }, "istio.security.v1beta1.PeerAuthentication.MutualTLS": { "description": "Mutual TLS settings.", "type": "object", "properties": { "mode": { "$ref": "#/components/schemas/istio.security.v1beta1.PeerAuthentication.MutualTLS.Mode" } } }, "istio.security.v1beta1.PeerAuthentication.MutualTLS.Mode": { "type": "string", "enum": [ "UNSET", "DISABLE", "PERMISSIVE", "STRICT" ] }, "istio.type.v1beta1.WorkloadSelector": { "description": "The selector determines the workloads to apply the RequestAuthentication on. If not set, the policy will be applied to all workloads in the same namespace as the policy.", "type": "object", "properties": { "matchLabels": { "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. The scope of label search is restricted to the configuration namespace in which the resource is present.", "type": "object", "additionalProperties": { "type": "string", "format": "string" } } } } } } }