Managing Policies and Security with Istio and Citadel
You will use the Hipstershop, an Istio-enabled multi-service sample application to understand and practice:
Incrementally adopting Istio mutual TLS authentication across the service mesh
Enabling end-user (JWT) authentication for the frontend service
Using an Istio access control policy to secure access to the frontend service
In this lab you learn how to perform the following tasks:
Complete cluster configuration
Download open source Istio with sample configs, and
Deploy Hipster Shop, an Istio-enabled multi-service application
Understand authentication and enable service to service authentication with mTLS
Enable end-user JWT authentication alongside mTLS
Understand Istio authorization and enable frontend authorization
Join Qwiklabs to read the rest of this lab...and more!
- Get temporary access to the Google Cloud Console.
- Over 200 labs from beginner to advanced levels.
- Bite-sized so you can learn at your own pace.
Deploy the application Pods along with injected proxy sidecars
Deploy the Istio service mesh configuration
Enable mTLS for one service: frontend
Enable mTLS for an entire namespace: default
Enable authorization for one service: frontend