Security with Istio: Using Authorization Policies

When securing your container workloads in Kubernetes, it's important to have defence in depth. This. means having layers of security. As important as it is to have mTLS enabled in the Istio service mesh, you should also implement access control between services. To do this in Istio, you make use of Authorization Policies. After we've validated the identity of a service, we should check whether or not it's permitted to carry out the desired action when communicating with another service. With Istio Authorization Policies, you can define access control rules at different levels or scopes. It could be for the entire mesh, a specific namespace, or a specific workload depending on your use case. The envoy sidecar proxy is what's actually responsible for executing this. So when the service proxy intercepts incoming requests, it will use the Istio Authorization Policy to verify if the sender has the right permissions to execute the operation. In this video, I'll show you how to use Istio Authorization Policies. #kubernetes #istio #servicemesh Timestamps: 00:00 - Introduction 00:15 - Authentication (AuthN) vs Authorization (AuthZ) 00:21 - Authorization (AuthZ) explained 00:50 - Overview of using Istio Authorization policies for secure communication between services in Istio 01:51 - Demo on how to implement Istio Authorization Policies for microservice workloads in Kubernetes Repositories with source code: https://github.com/LukeMwila/istio-gateway-and-virtual-services https://github.com/LukeMwila/microservice-example-helm-charts Other relevant videos: Using Istio Gateway to Route Traffic to Microservices on Amazon EKS - https://youtu.be/_ImVPrUZ6yY Secure Istio Gateway Traffic with TLS Encryption on Amazon EKS - https://youtu.be/sn4_j_E62VE How to Configure mTLS in Istio for Secure Kubernetes Workload Communication - https://youtu.be/DVgDVaWIMB8 Connect: GitHub: https://github.com/LukeMwila Twitter: https://twitter.com/LuKE9ine Medium: https://medium.com/@outlier.developer LinkedIn: https://www.linkedin.com/in/lukonde-mwila-25103345/ If you found this video helpful, please like the video and subscribe to the channel!