September 2019
Intermediate to advanced
668 pages
15h 59m
English
In this section, we will learn how Istio can be configured to automatically protect internal communication within the service mesh using mutual authentication, mTLS. When using mutual authentication, not only does the service side prove its identity by exposing a certificate, but also the clients prove their identity to the servers by exposing a client-side certificate. This provides a higher level of security compared to normal TLS/HTTPS usage, where only the identity of the server is proven. Setting up and maintaining mutual authentication; that is, the provision of new, and the rotating of outdated, certificates, is known to be complex and is therefore seldom used. Istio ...