July 2019
Istio authentication is based on policies. There are two kinds of policies: namespace policies and mesh policies. A namespace policy applies to a single namespace. A mesh policy applies to the entire cluster. There can be only one mesh policy with a kind of MeshPolicy and it must be named default. Here is an example of a mesh policy that requires all services to use mTLS:
apiVersion: "authentication.istio.io/v1alpha1"
kind: "MeshPolicy"
metadata:
  name: "default"
spec:
  peers:
  - mtls: {}
Namespace policies have a kind of Policy. If you don't specify a namespace, then it will apply to the default namespace. There can be only one policy per namespace and it must be called default too. The following policy uses ...
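The naming and uniqueness rules described above can be checked before manifests are applied. The following is an added example, not code from the book or from Istio: the function names and the sample manifests are constructed, and it assumes the manifests are already parsed from YAML into dicts, that a `Policy` carrying `spec.targets` is service-specific and out of scope, and that `mtls: {mode: PERMISSIVE}` still admits plaintext.

```python
from collections import Counter

API = "authentication.istio.io/v1alpha1"

def requires_mtls(policy):
    """True if a peer method demands mTLS (an empty mtls: {} means strict mode)."""
    for peer in policy.get("spec", {}).get("peers") or []:
        if "mtls" in peer and (peer["mtls"] or {}).get("mode", "STRICT") == "STRICT":
            return True
    return False

def lint(manifests):
    """Return findings for the naming and uniqueness rules stated in the text."""
    findings, scopes = [], Counter()
    for m in manifests:
        if m.get("apiVersion") != API or m.get("kind") not in ("MeshPolicy", "Policy"):
            continue
        # Assumption: policies with spec.targets are service-specific; skip them.
        if m["kind"] == "Policy" and m.get("spec", {}).get("targets"):
            continue
        meta = m.get("metadata", {})
        name = meta.get("name")
        if m["kind"] == "MeshPolicy":
            scope = "mesh"
        else:
            # No namespace given: the policy lands in the "default" namespace.
            scope = "namespace/" + meta.get("namespace", "default")
        scopes[scope] += 1
        if name != "default":
            findings.append(f"{scope}: policy is named {name!r}, expected 'default'")
        if not requires_mtls(m):
            findings.append(f"{scope}: policy does not require mTLS")
    findings += [f"{s}: {n} policies, only one allowed" for s, n in scopes.items() if n > 1]
    return findings

# Constructed sample manifests, not taken from a real cluster.
SAMPLE = [
    {"apiVersion": API, "kind": "MeshPolicy", "metadata": {"name": "default"},
     "spec": {"peers": [{"mtls": {}}]}},
    {"apiVersion": API, "kind": "Policy", "metadata": {"name": "payments-auth"},
     "spec": {"peers": [{"mtls": {"mode": "PERMISSIVE"}}]}},
    {"apiVersion": API, "kind": "Policy", "metadata": {"name": "default"},
     "spec": {"peers": [{"mtls": {}}]}},
]

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

The second sample policy has no namespace, so it is counted against the default namespace alongside the third one, which is what triggers the uniqueness finding.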