Expose and secure a workload with Istio
This tutorial shows how to expose and secure a workload using Istio built-in security features. You will expose the workload by creating a VirtualService. Then, you will secure access to your workload by adding the JWT validation verified by the Istio security configuration with Authorization Policy and Request Authentication.
- You have got a JSON Web Token (JWT). For more information, see Get a JWT.
This tutorial is based on a sample HttpBin service deployment and a sample Function. To deploy or create one of those, follow the Create a workload tutorial. It can also be a follow-up to the Set up a custom domain for a workload tutorial.
Follow the instructions in the tabs to expose the HttpBin workload or the Function using a VirtualService.
- Expose the HttpBin workload
- Expose the Function
To secure the Httpbin workload or the Function using a JWT, create a Request Authentication with Authorization Policy. Workloads that have the matchLabels parameter specified require a JWT for all requests. Follow the instructions in the tabs:
- Secure the Httpbin workload
- Secure the Function