...
Description: Connect two microservices belonging to stateless applications.
The services hosted behind the Istio service mesh have the sidecar proxy installed with each pod of the service.
In the diagram below:
SERVER - httpbin (If TLS Mode is "SIMPLE", it will accept both TLS and plain-text traffic. TLS Mode must be ISTIO_MUTUAL for talking to other Istio clients; MUTUAL when talking to other external services or an Istio service which uses a different root CA)
CLIENTS - sleep (TLS Mode can be "SIMPLE" (for services with no sidecars) or ISTIO_MUTUAL (for services with sidecars); MUTUAL when talking to other external services or an Istio service which uses a different root CA)
TLS Details
MESH WIDE POLICY (in both clusters) - PERMISSIVE
Service level policy for httpbin - SIMPLE
Service level policy for sleep - SIMPLE
MESH WIDE POLICY can be PERMISSIVE (will allow both TLS and plain text, with no authorization checks on the plain-text traffic) OR STRICT (allow only TLS traffic)
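The settings listed above, written out as Istio resources. This is an added example, not configuration taken from the original page. It assumes an Istio release that provides the PeerAuthentication API, `istio-system` as the root namespace, and httpbin deployed in the `default` namespace. All resource names and the host are hypothetical.

```yaml
# Added example; resource names, namespaces and host are assumptions.
# Mesh-wide policy: a PeerAuthentication named "default" in the Istio root
# namespace (assumed here to be istio-system) applies to every workload.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: PERMISSIVE   # page's setting: sidecars accept mutual TLS and plain text
    # mode: STRICT     # alternative: sidecars accept only mutual TLS
---
# Service-level setting for httpbin: the TLS mode that client-side sidecars
# (for example sleep) use when they open connections to this host.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: httpbin
  namespace: default                        # assumed namespace
spec:
  host: httpbin.default.svc.cluster.local   # assumed service host
  trafficPolicy:
    tls:
      mode: SIMPLE           # page's setting for httpbin
      # mode: ISTIO_MUTUAL   # sidecar to sidecar, using Istio-issued certificates
      # mode: MUTUAL         # certificates you supply; also requires
      #                      # clientCertificate, privateKey and caCertificates
```

With the mesh-wide mode left at PERMISSIVE, plain-text connections are still accepted, so moving to STRICT is the change that actually enforces TLS between workloads.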
Diagram
(draw.io diagram)