Istio Authentication - Part 1



  • Peer Authentication
    For service-to-service authentication.
  • Request Authentication
    For end-user authentication, using JSON Web Tokens (JWT).


  1. Cluster Environment created with EKS or KOPS
  2. Kubectl installed
  3. Istio installed
  4. A public key to access the cluster nodes

Service to Service — Workflow
kubectl create ns istio-servicea
kubectl create ns istio-serviceb
kubectl create ns servicec
kubectl create ns istio-serviced
kubectl get namespaces
kubectl label namespace istio-servicea istio-injection=enabled
kubectl label namespace istio-serviceb istio-injection=enabled
kubectl label namespace istio-serviced istio-injection=enabled
kubectl create -f serviceaccount.yaml
kubectl create -f service-a.yaml
kubectl create -f welcome-app.yaml
kubectl create -f service-b.yaml
kubectl create -f service-c.yaml
kubectl create -f service-d.yaml
kubectl create -f service-e.yaml
kubectl create -f serviced-ns-istio-serviceb.yaml
kubectl create -f servicee-ns-servicec.yaml
kubectl command — Application service
kubectl command — Application pods
kubectl describe pod podname -n namespace
kubectl describe pod service-a-58479bc7bd-vf4mz -n istio-servicea

Before Peer Authentication

Metrics — Before Peer Authentication

Namespace Level

kubectl create -f mtlspolicy.yaml
kubectl get peerauthentication -n istio-servicea
Metrics — Istio Namespace Level

Workload Specific

kubectl create -f peer.yaml
Metrics — Istio Workload Specific

Authorization Policy

kubectl create -f peer.yaml
kubectl create -f AuthorizationPolicy.yaml
kubectl get authorizationpolicy -n istio-servicea
service-b enabled with Service Account
service-d where Service Account not enabled
Metrics — Istio Authorization Policy
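
An added example (not the article's own manifests) of the three kinds of policy applied above: namespace-level mTLS, workload-specific mTLS, and an authorization policy keyed to a service account. The resource names, the `app: service-a` label, the service account name `service-b-sa` and the namespace of the allowed caller are assumptions; the namespace `istio-servicea` is the one used in the commands above.

```yaml
# 1. Namespace level: every workload in istio-servicea accepts only mTLS.
#    A client without a sidecar (for example in servicec, which was not
#    labelled istio-injection=enabled) sends plaintext and is refused.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default                 # assumed name
  namespace: istio-servicea
spec:
  mtls:
    mode: STRICT
---
# 2. Workload specific: the selector limits the policy to matching pods and
#    takes precedence over the namespace-level policy for those pods.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: service-a-mtls          # assumed name
  namespace: istio-servicea
spec:
  selector:
    matchLabels:
      app: service-a            # assumed pod label
  mtls:
    mode: STRICT
---
# 3. Authorization: only callers whose mTLS identity is the named service
#    account are allowed. Any other identity, such as a workload running
#    under its namespace's default service account, matches no ALLOW rule
#    and receives 403 (RBAC: access denied).
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-service-b         # assumed name
  namespace: istio-servicea
spec:
  selector:
    matchLabels:
      app: service-a            # assumed pod label
  action: ALLOW
  rules:
  - from:
    - source:
        principals:
        # <trust domain>/ns/<namespace>/sa/<service account>; values assumed
        - cluster.local/ns/istio-serviceb/sa/service-b-sa
```

The `principals` match relies on the identity in the peer's mTLS certificate, so it only takes effect for traffic that is already covered by mTLS as in policies 1 and 2.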




