microservices with istio step by step JianFeng Ding, LuYao Zhong #IstioCon Agenda ● Istio identity ● mTLS in Isito ● Secure ingress traffic ● Authorize ingress traffic ● Authorize in mesh traffic Istio Identity Istiod Istio Agent Envoy 1. Start Envoy 2. Request Cert (SDS)) 3. CSR Auth: JWT 4. Cert signed with SPIFFE format Istio-proxy CA server #IstioCon Istio identity – how to curl localhost:15000/config_dump #IstioCon Istio identity – check configuration result ● Result: cert generated automatically with Istio identity 1) Apply peer-authentication to enable server side