Peer Authentication
Peer authentication refers to providing two-way security authentication between services without intrusive modification of the application source code. At the same time, the creation, distribution, and rotation of secrets and certificates are also automatically completed by the system, which is transparent to users. The complexity of security configuration management is greatly reduced.
Note
After peer authentication is enabled, the corresponding DestinationRule must also have mTLS enabled; otherwise requests between the services will fail.
The following example enforces a strict mTLS policy across the entire mesh. Once it takes effect, all inter-service access within the mesh requires mTLS.
Example:
```yaml
apiVersion: "security.istio.io/v1beta1"
kind: "PeerAuthentication"
metadata:
  name: "default"
  namespace: "istio-system" # (1) effective namespace
spec:
  mtls:
    mode: STRICT # (2) policy
```
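As an added example (not part of the original page), the pairing the note above requires: the mesh-wide STRICT PeerAuthentication together with a DestinationRule that makes client sidecars originate Istio mutual TLS to the service. The service name `reviews`, the namespace `default` and the host are assumed values.

```yaml
# Added example: mesh-wide STRICT peer authentication paired with a
# DestinationRule so that client sidecars use mTLS towards the service.
# Service name "reviews" and namespace "default" are assumed values.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system   # root namespace: the policy applies to the whole mesh
spec:
  mtls:
    mode: STRICT            # plaintext connections to sidecars are rejected
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: reviews-mtls
  namespace: default
spec:
  host: reviews.default.svc.cluster.local
  trafficPolicy:
    tls:
      # ISTIO_MUTUAL: the client sidecar presents its mesh-issued certificate.
      # A DestinationRule with "mode: DISABLE" for this host would force
      # plaintext and be rejected by the STRICT policy above.
      mode: ISTIO_MUTUAL
```

Apply both objects with `kubectl apply -f`; if a DestinationRule for the same host still carries `tls.mode: DISABLE`, requests to the service will fail under the STRICT policy.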
Service mesh provides two creation methods: wizard and YAML. The specific steps to create through the wizard are as follows:
1. Click Security -> Peer Authentication in the left navigation bar, and click the Create button in the upper right corner.
2. In the Create Peer Authentication interface, complete the basic configuration and click Next.
3. Complete the authentication settings according to the screen prompts and click OK.
4. The screen prompts that the creation is successful.
5. On the right side of the list, click ┇ in the operation column to perform more operations through the pop-up menu.
Note
- For the configuration of specific parameters, refer to Security Governance Parameter Configuration.
- For a more intuitive operation demonstration, refer to Video Tutorial.
- See Service Mesh Identity and Authentication.