Book Image

Bootstrapping Service Mesh Implementations with Istio

By : Anand Rai
4 (1)
Book Image

Bootstrapping Service Mesh Implementations with Istio

4 (1)
By: Anand Rai

Overview of this book

Istio is a game-changer in managing connectivity and operational efficiency of microservices, but implementing and using it in applications can be challenging. This book will help you overcome these challenges and gain insights into Istio's features and functionality layer by layer with the help of easy-to-follow examples. It will let you focus on implementing and deploying Istio on the cloud and in production environments instead of dealing with the complexity of demo apps.  You'll learn the installation, architecture, and components of Istio Service Mesh, perform multi-cluster installation, and integrate legacy workloads deployed on virtual machines. As you advance, you'll understand how to secure microservices from threats, perform multi-cluster deployments on Kubernetes, use load balancing, monitor application traffic, implement service discovery and management, and much more. You’ll also explore other Service Mesh technologies such as Linkerd, Consul, Kuma, and Gloo Mesh. In addition to observing and operating Istio using Kiali, Prometheus, Grafana and Jaeger, you'll perform zero-trust security and reliable communication between distributed applications. After reading this book, you'll be equipped with the practical knowledge and skills needed to use and operate Istio effectively.
Table of Contents (19 chapters)
Part 1: The Fundamentals
Part 2: Istio in Practice
Part 3: Scaling, Extending,and Optimizing

Configuring RequestAuthorization

In the previous section, we configured a RequestAuthentication policy, which verifies a JWT token against the issuer and JWK details as per the JWKS location. We configured Auth0 as the authentication provider and the one that generates the bearer token. In this section, we will learn about how to make use of the information provided by authentication policies such as peer authentication and request authentication to authorize client access to the server (the requested resource, Pod, workload, service, etc.).

We will first focus on implementing an authorization policy in conjunction with the RequestAuthentication policy from the previous section.

To let curl access the envoy dummy using the access token issued by Auth0, we need to create an AuthorizationPolicy:

apiVersion: ""
kind: "AuthorizationPolicy"
  name: "envoydummy-authz-policy"
  namespace: utilities...