Managing Policies and Security with Istio and Citadel




Deploy the application Pods along with injected proxy sidecars

Deploy the Istio service mesh configuration

Enable mTLS for one service: frontend

Enable mTLS for an entire namespace: default

Enable authorization for one service: frontend


1 hour 7 Credits


Google Cloud Self-Paced Labs


This lab demonstrates how to leverage Istio's identity and access control policies to help secure microservices running on GKE.

You will use Hipster Shop, an Istio-enabled multi-service sample application, to understand and practice:

  • Incrementally adopting Istio mutual TLS authentication across the service mesh

  • Enabling end-user (JWT) authentication for the frontend service

  • Using an Istio access control policy to secure access to the frontend service


In this lab you learn how to perform the following tasks:

  • Complete cluster configuration

  • Download open source Istio with sample configs, and istioctl

  • Deploy Hipster Shop, an Istio-enabled multi-service application

  • Understand authentication and enable service to service authentication with mTLS

  • Enable end-user JWT authentication alongside mTLS

  • Understand Istio authorization and enable frontend authorization
