Request Authentication¶
This authentication mode can be used when an external user initiates a request for mesh internal services. In this mode, request encryption is implemented using JSON Web Token (JWT). Each request authentication needs to configure an Authorization Policy.
All workloads labeled app: httpbin require JWT authentication. Examples are as follows:
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: httpbin
namespace: foo
spec:
selector:
matchLabels:
app: httpbin
jwtRules:
- issuer: "issuer-foo"
jwksUri: https://example.com/.well-known/jwks.json
Service Mesh provides two creation methods: wizard wizard and YAML. The specific steps to create through the wizard are as follows:
-
On the left navigation bar, click Security -> Request Authentication , and click the Create button in the upper right corner.
-
In the Create Request Authentication interface, first perform the basic configuration and then click Next .
-
After completing the authentication settings according to the screen prompts, click OK , and the system will verify the configured information.
-
After the verification is passed, the screen prompts that the creation is successful.
-
On the right side of the list, click ⋮ in the operation column to perform more operations through the pop-up menu.
Note
- For the configuration of specific parameters, please refer to Security Governance Parameter Configuration.
- For a more intuitive operation demonstration, please refer to Video Tutorial.
- See Service Mesh Identity and Authentication.