Peer Authentication
Peer authentication provides mutual (two-way) authentication between services in the mesh without any intrusive change to application source code: the sidecar proxies on both sides present and verify workload certificates, so the application itself never handles TLS. Creation, distribution and rotation of keys and certificates are performed automatically by the mesh and are transparent to users, which greatly reduces the complexity of security configuration management.
Note
After peer authentication is enabled in STRICT mode, the corresponding destination rule (DestinationRule) must also enable mTLS for the client side, otherwise requests to the protected service will fail instead of being accepted as plaintext.
The example below is a mesh-wide STRICT mTLS policy. Because it is created in the root namespace istio-system, it applies to every workload that has no narrower (namespace- or workload-level) policy. Once in effect, all inter-service traffic inside the mesh must use mTLS; plaintext requests are rejected.
Example:
```yaml
apiVersion: "security.istio.io/v1beta1"
kind: "PeerAuthentication"
metadata:
  name: "default"
  namespace: "istio-system"   # namespace the policy applies to; the root namespace istio-system makes it mesh-wide
spec:
  mtls:
    mode: STRICT              # mTLS mode: STRICT rejects plaintext, PERMISSIVE accepts both
```
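The following manifest is an added example and is not part of the original page or the product's own configuration. It shows the mesh-wide STRICT policy above together with the matching destination rule that the note above requires, and then the two ways to carve out exceptions while the rest of the mesh stays strict: a namespace-level PERMISSIVE policy for workloads still being migrated, and a port-level exception on one workload. The namespace `legacy`, the workload label `app: payments` and port `8080` are assumed names chosen for the example.

```yaml
# Added example, not from the original page. Namespace "legacy", workload
# label "app: payments" and port 8080 are assumed values.
---
# 1. Mesh-wide default. The root namespace istio-system makes this apply to
#    every workload that has no narrower policy; plaintext is rejected.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# 2. Matching client-side rule. ISTIO_MUTUAL makes the client sidecar
#    originate mTLS with its mesh-issued certificate, which is what a STRICT
#    server expects. host "*.local" covers every in-cluster service.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: default
  namespace: istio-system
spec:
  host: "*.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
---
# 3. Namespace-level override for workloads still being migrated.
#    PERMISSIVE accepts both mTLS and plaintext. A narrower policy always
#    wins over a wider one (workload > namespace > mesh).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: legacy
spec:
  mtls:
    mode: PERMISSIVE
---
# 4. Workload-level exception. The "payments" workload stays STRICT except
#    on port 8080, which must remain reachable in plaintext (for example from
#    a health checker that has no sidecar). portLevelMtls requires a selector.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: payments-port-exception
  namespace: legacy
spec:
  selector:
    matchLabels:
      app: payments
  mtls:
    mode: STRICT
  portLevelMtls:
    8080:
      mode: PERMISSIVE
```

Apply all four documents with `kubectl apply -f` and confirm the effect by sending a request from a pod without a sidecar: a STRICT service resets the plaintext connection, while the `legacy` namespace and port 8080 of `payments` still answer. Two caveats worth knowing: Istio's automatic mTLS normally originates mTLS without a destination rule, but any existing DestinationRule for the same host with `mode: DISABLE` or `SIMPLE` overrides that and produces exactly the failure the note warns about, so audit destination rules before switching to STRICT; and where more than one mesh-wide or namespace-wide PeerAuthentication exists, Istio uses the oldest one, so keep a single policy named `default` at each scope.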
Service mesh provides two creation methods: wizard and YAML. The specific steps to create through the wizard are as follows:
- In the left navigation bar, click Security Governance -> Peer-to-Peer Authentication, then click the Create button in the upper right corner.
- In the Create Peer Authentication interface, first complete the basic configuration, then click Next.
- Complete the authentication settings according to the screen prompts, then click OK.
- The screen prompts that the creation is successful.
- On the right side of the list, click ⋮ in the operation column to perform more operations through the pop-up menu.
Note
- For details of the individual parameters, refer to Security Governance Parameter Configuration.
- For a more intuitive demonstration of the procedure, refer to the Video Tutorial.