Expose and secure a workload with Istio

This tutorial shows how to expose and secure a workload using Istio built-in security features. You will expose the workload by creating a VirtualService. Then, you will secure access to your workload by adding the JWT validation verified by the Istio security configuration with Authorization Policy and Request Authentication.


  • You have got a JSON Web Token (JWT). For more information, see Get a JWT.

This tutorial is based on a sample HttpBin service deployment and a sample Function. To deploy or create one of those, follow the Create a workload tutorial. It can also be a follow-up to the Set up a custom domain for a workload tutorial.

Expose your workload using a Virtual Service

Follow the instructions in the tabs to expose the HttpBin workload or the Function using a VirtualService.

  • Expose the HttpBin workload
  • Expose the Function

Secure a workload or the Function using a JWT

To secure the Httpbin workload or the Function using a JWT, create a Request Authentication with Authorization Policy. Workloads that have the matchLabels parameter specified require a JWT for all requests. Follow the instructions in the tabs:

  • Secure the Httpbin workload
  • Secure the Function