Implementing authorization

Authorization is implemented through Kubernetes RBAC, which can be defined at the namespace level, service level, or method level within a service. It is enforced natively at the Envoy proxy level, and it supports HTTP, HTTPS, HTTP/2, and TCP.

Istio uses Kubernetes primitives such as Role, RoleBinding, ClusterRole, and ClusterRoleBinding. It also creates its own CRDs, such as AuthorizationPolicies, ClusterRbacConfigs, RbacConfigs, ServiceRoleBindings, and ServiceRoles, as follows:

$ kubectl get crd | grep -i                 2019-07-30T02:59:15Z ...
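To show how three of these CRDs fit together at the service and method level, here is an added example that is not taken from the book. It assumes the `rbac.istio.io/v1alpha1` API that serves ClusterRbacConfig, ServiceRole, and ServiceRoleBinding; the namespace, service, path, and service account names are constructed for illustration.

```yaml
# Turn on Istio RBAC only for the listed namespace; workloads elsewhere
# are not subject to authorization checks. Istio honors a single
# ClusterRbacConfig, and it must be named "default".
apiVersion: rbac.istio.io/v1alpha1
kind: ClusterRbacConfig
metadata:
  name: default
spec:
  mode: ON_WITH_INCLUSION
  inclusion:
    namespaces: ["shop"]            # constructed namespace
---
# ServiceRole: what may be done. Scoped to one service (service level)
# and to read-only HTTP methods on one path prefix (method level).
# Anything not matched by a rule is denied once RBAC is on.
apiVersion: rbac.istio.io/v1alpha1
kind: ServiceRole
metadata:
  name: catalog-reader              # constructed name
  namespace: shop
spec:
  rules:
  - services: ["catalog.shop.svc.cluster.local"]
    methods: ["GET", "HEAD"]
    paths: ["/products/*"]
---
# ServiceRoleBinding: who may do it. The subject is the workload
# identity taken from the caller's mutual TLS certificate, so the
# binding is only meaningful when mTLS is enabled between the services.
apiVersion: rbac.istio.io/v1alpha1
kind: ServiceRoleBinding
metadata:
  name: bind-catalog-reader         # constructed name
  namespace: shop
spec:
  subjects:
  - user: "cluster.local/ns/shop/sa/frontend"   # constructed service account
  roleRef:
    kind: ServiceRole
    name: catalog-reader
```

With these applied, a `GET /products/42` from the `frontend` service account is allowed by the sidecar, while a `POST` to the same service, or any request from another identity, is rejected with HTTP 403.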
