Implementing authorization

Authorization is implemented through Kubernetes RBAC, which can be defined at the namespace level, service level, or method level within a service. Authorization is implemented natively at the Envoy proxy level, and it supports HTTP, HTTPS, HTTP/2, and TCP.

Istio uses Kubernetes primitives such as Role, RoleBinding, ClusterRole, and ClusterRoleBinding. It also creates its own CRDs, such as AuthorizationPolicies, ClusterRbacConfigs, RbacConfigs, ServiceRoleBindings, and ServiceRoles, as follows:

$ kubectl get crd | grep -i rbac
authorizationpolicies.rbac.istio.io   2019-07-30T02:59:14Z
clusterrbacconfigs.rbac.istio.io      2019-07-30T02:59:14Z
rbacconfigs.rbac.istio.io             2019-07-30T02:59:15Z
servicerolebindings.rbac.istio.io     2019-07-30T02:59:15Z
...
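The following manifest is an added illustration, not taken from the book, of how three of the CRDs listed above combine to scope access by namespace, service, and method using the rbac.istio.io/v1alpha1 API. The namespace demo, the service reviews, and the service account frontend are constructed names.

```yaml
# Namespace level: enforce Istio RBAC only for workloads in "demo".
# The ClusterRbacConfig object must be named "default".
apiVersion: rbac.istio.io/v1alpha1
kind: ClusterRbacConfig
metadata:
  name: default
spec:
  mode: ON_WITH_INCLUSION
  inclusion:
    namespaces: ["demo"]          # constructed namespace
---
# Service and method level: allow only GET on /reviews/* of one service.
# With RBAC enabled, requests that match no ServiceRole are denied.
apiVersion: rbac.istio.io/v1alpha1
kind: ServiceRole
metadata:
  name: reviews-reader            # constructed role name
  namespace: demo
spec:
  rules:
  - services: ["reviews.demo.svc.cluster.local"]
    methods: ["GET"]
    paths: ["/reviews/*"]
---
# Grant the role to a single workload identity (service account),
# which Envoy takes from the caller's mutual TLS certificate.
apiVersion: rbac.istio.io/v1alpha1
kind: ServiceRoleBinding
metadata:
  name: bind-reviews-reader
  namespace: demo
spec:
  subjects:
  - user: "cluster.local/ns/demo/sa/frontend"   # constructed identity
  roleRef:
    kind: ServiceRole
    name: reviews-reader
```

Because the subject is identified by its service account, mutual TLS must be enabled between the caller and the reviews service for the binding to match.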
