Service Mesh Security Workshop with Istio Ambient: Manage mTLS, AuthN and AuthZ
This workshop shows participants what a service mesh tool like Istio Ambient offers in terms of security. Istio Ambient enables a new service mesh architecture that completely eliminates sidecars. After a brief introduction to the service mesh, each step presents and implements additional security features.
The starting point is TLS/mTLS termination in the ingress gateway. From there on, all further communication within the service mesh is secured using mTLS. Outgoing communication is also checked and controlled with the help of the egress gateway. In addition, the workshop shows which request-based authorization checks can be handed over to the service mesh.
The associated security best practices are listed and explained for each sub-aspect. Since faulty security settings can have fatal consequences, the options available for error analysis are shown for each security aspect.
IT Security Summit