Peer Authentication

Peer authentication provides two-way (mutual) authentication between services without intrusive changes to the application source code. The creation, distribution, and rotation of secrets and certificates are handled automatically by the system and are transparent to users, which greatly reduces the complexity of security configuration management.

Note

After peer authentication is enabled, the corresponding destination rule (DestinationRule) also needs to enable mTLS mode; otherwise the service cannot be accessed normally.

A strict mTLS policy is enforced across the mesh. Once in effect, inter-service access within the mesh requires mTLS to be enabled.

Example:

```yaml
apiVersion: "security.istio.io/v1beta1"
kind: "PeerAuthentication"
metadata:
  name: "default"
  namespace: "istio-system" # effective namespace (the root namespace makes the policy mesh-wide)
spec:
  mtls:
    mode: STRICT # policy
```
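As an added example (not taken from the original page or the product's own documentation), the mesh-wide DestinationRule that pairs with the STRICT policy above, so that client sidecars actually originate mTLS; the resource name and the `*.local` host wildcard are assumptions, and the commented-out `DISABLE` line shows the setting that would break traffic under STRICT.

```yaml
# STRICT policy on the server side (same as the page example).
apiVersion: "security.istio.io/v1beta1"
kind: "PeerAuthentication"
metadata:
  name: "default"
  namespace: "istio-system"
spec:
  mtls:
    mode: STRICT
---
# Matching client-side rule: every destination in the mesh is reached with
# Istio-managed mutual TLS, so STRICT servers accept the connection.
apiVersion: "networking.istio.io/v1beta1"
kind: "DestinationRule"
metadata:
  name: "default"          # assumed name
  namespace: "istio-system"
spec:
  host: "*.local"          # assumed wildcard: all in-cluster services
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL   # certificates are issued and rotated by Istio
      # mode: DISABLE      # plaintext; STRICT servers would reject these requests
```

A per-service DestinationRule in an application namespace overrides this default for its host, so any such rule that sets `tls.mode: DISABLE` must be changed as well, and `istioctl x describe pod <pod> -n <namespace>` can be used to confirm the effective mTLS setting for a workload.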

Service mesh provides two creation methods: wizard and YAML. The specific steps to create through the wizard are as follows:

  1. Click Security -> Peer Authentication in the left navigation bar, and click the Create button in the upper right corner.

    Create Peer Authentication

  2. In the Create Peer Authentication interface, first perform the basic configuration and then click Next.

    Basic Info

  3. After completing the authentication settings according to the screen prompts, click OK.

    Settings

  4. The screen prompts that the creation is successful.

    Successfully Created

  5. On the right side of the list, click the menu in the operation column to perform more operations through the pop-up menu.

    Edit/Delete
