Managing Policies and Security with Istio and Citadel




Deploy the application Pods along with injected proxy sidecars

Deploy the Istio service mesh configuration

Enable mTLS for one service: frontend

Enable mTLS for an entire namespace: default

Enable authorization for one service: frontend

Managing Policies and Security with Istio and Citadel

1 个小时 7 个积分


Google Cloud Self-Paced Labs


This lab demonstrates how to leverage Istio's identity and access control policies to help secure microservices running on GKE.

You will use the Hipstershop, an Istio-enabled multi-service sample application to understand and practice:

  • Incrementally adopting Istio mutual TLS authentication across the service mesh

  • Enabling end-user (JWT) authentication for the frontend service

  • Using an Istio access control policy to secure access to the frontend service


In this lab you learn how to perform the following tasks:

  • Complete cluster configuration

  • Download open source Istio with sample configs, and istioctl

  • Deploy Hipster Shop, an Istio-enabled multi-service application

  • Understand authentication and enable service to service authentication with mTLS

  • Enable end-user JWT authentication alongside mTLS

  • Understand Istio authorization and enable frontend authorization

加入 Qwiklabs 即可阅读本实验的剩余内容…以及更多精彩内容!

  • 获取对“Google Cloud Console”的临时访问权限。
  • 200 多项实验,从入门级实验到高级实验,应有尽有。
  • 内容短小精悍,便于您按照自己的节奏进行学习。