Managing Policies and Security with Istio and Citadel
1 hour 15 minutes
7 Credits
GSP657
Overview
Introduction
This lab demonstrates how to leverage Istio's identity and access control policies to help secure microservices running on GKE.
You will use the Hipstershop sample application to understand and practice:
- Incrementally adopting Istio mutual TLS authentication across the service mesh.
- Enabling end-user (JWT) authentication for the frontend service.
- Using an Istio access control policy to secure access to the frontend service.
Objectives
In this lab, you will learn how to perform the following tasks:
- Complete cluster configuration.
- Download open source Istio with sample configs, and
istioctl. - Deploy Hipster Shop, an Istio-enabled multi-service application.
- Understand authentication and enable service to service authentication with mTLS.
- Enable end-user JWT authentication alongside mTLS.
- Understand Istio authorization and enable frontend authorization.
Join Qwiklabs to read the rest of this lab...and more!
- Get temporary access to the Google Cloud Console.
- Over 200 labs from beginner to advanced levels.
- Bite-sized so you can learn at your own pace.
GSP657OverviewSetup and requirementsComplete cluster configurationDownload open source Istio with sample configs, andDeploy Hipster Shop, an Istio-enabled multi-service applicationUnderstand authentication and enable service to service authentication with mTLSEnable end-user JWT authentication alongside mTLSUnderstand Istio authorization and enable frontend authorizationCongratulations!
Score
—/100
Deploy the application Pods along with injected proxy sidecars
/ 20
Deploy the Istio service mesh configuration
/ 20
Enable mTLS for one service: frontend
/ 20
Enable mTLS for an entire namespace: default
/ 20
Enable authorization for one service: frontend
/ 20