menu
arrow_back

Managing Policies and Security with Istio and Citadel

Managing Policies and Security with Istio and Citadel

1時間 15分 クレジット: 7

GSP657

Google Cloud Self-Paced Labs

Overview

Introduction

This lab demonstrates how to leverage Istio's identity and access control policies to help secure microservices running on GKE.

You will use the Hipstershop sample application to understand and practice:

  • Incrementally adopting Istio mutual TLS authentication across the service mesh.
  • Enabling end-user (JWT) authentication for the frontend service.
  • Using an Istio access control policy to secure access to the frontend service.

Objectives

In this lab, you will learn how to perform the following tasks:

  • Complete cluster configuration.
  • Download open source Istio with sample configs, and istioctl.
  • Deploy Hipster Shop, an Istio-enabled multi-service application.
  • Understand authentication and enable service to service authentication with mTLS.
  • Enable end-user JWT authentication alongside mTLS.
  • Understand Istio authorization and enable frontend authorization.

Qwiklabs に参加してこのラボの残りの部分や他のラボを確認しましょう。

  • Google Cloud Console への一時的なアクセス権を取得します。
  • 初心者レベルから上級者レベルまで 200 を超えるラボが用意されています。
  • ご自分のペースで学習できるように詳細に分割されています。
参加してこのラボを開始
スコア

—/100

Deploy the application Pods along with injected proxy sidecars

ステップを実行

/ 20

Deploy the Istio service mesh configuration

ステップを実行

/ 20

Enable mTLS for one service: frontend

ステップを実行

/ 20

Enable mTLS for an entire namespace: default

ステップを実行

/ 20

Enable authorization for one service: frontend

ステップを実行

/ 20