request authentication¶

This authentication mode can be used when an external user initiates a request for mesh internal services. In this mode, request encryption is implemented using JSON Web Token (JWT). Each request authentication needs to configure an Authorization Policy.

All workloads labeled app: httpbin require JWT authentication. Examples are as follows:

apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: httpbin
  namespace: foo
spec:
  selector:
    matchLabels:
      app: httpbin
  jwtRules:
  - issuer: "issuer-foo"
    jwksUri: https://example.com/.well-known/jwks.json

Service Mesh provides two creation methods: wizard wizard and YAML. The specific steps to create through the wizard are as follows:

On the left navigation bar, click Security Governance -> Request Authentication, and click the Create button in the upper right corner.
In the Create Request Identity Authentication interface, first perform the basic configuration and then click Next.
After completing the authentication settings according to the screen prompts, click OK, and the system will verify the configured information.
After the verification is passed, the screen prompts that the creation is successful.
On the right side of the list, click ⋮ in the operation column to perform more operations through the pop-up menu.

Note

For the configuration of specific parameters, please refer to Security Governance Parameter Configuration.
For a more intuitive operation demonstration, please refer to Video Tutorial.

request authentication¶

Comments