March 2020
Intermediate to advanced
626 pages
14h 45m
English
To secure service-to-service communication, it is tunneled from the client-side to the server-side via a sidecar proxy. Next, the inter-proxy communication is secured using mTLS. The benefit of mTLS is that the service identity is not expressed as a token bearer. It can't be stolen, duplicated, or replayed from a source it hasn't been authenticated with. Istio's Citadel uses the concept of secure naming and protection against attacks. The client- side verifies an authenticated service account and only allows the named service to run and traverse any network requests.
Istio's authorization feature also provides a cluster-level certificate authority with automated certificate management. Some of ...
Read now
Unlock full access