-
Istio MTLS Smartness Explained
Introduction: Consider a large cluster with lots of services/pods running across numerous namespaces. If you want to enable the Istio service mesh in this cluster, a saner approach would be to enable it gradually, service by service. Doing so means that until the migration to the Istio mesh is complete, there would be a mix…
-
Understanding Istio’s Secure Naming
Secure naming is the name given to the validation, at the client Envoys, of the SAN field value in the X.509 certificate (which is presented by the service running inside the mesh during the TLS handshake). This definition will become clearer by the end of this post. Certificates: Each workload in the mesh is provisioned with a…