Is it possible somehow to allow basic user authentication between microservices on the mesh?
our current cluster-internal communication is user-pass one.
we want to enable Istio and gradually add services to the mesh so they will be use mTLS and will ditch the user-password approach.
but, in order to do it one by one, we should have the ability to do something like:
- communication between 2 istio-enabled services will be using mtSL
- communication between services while one of them not yet istio-enabled will be with user-password (instead of plainText).
what is the right way of doing so?
keeps the user-pass approach and services that will be added to istio, will have 2 layers of auth, both encryption and user-password, and once all services will be migrated to istio, remove the user-password?
maybe do some kind of check on Envoy to see and decide when to use user-password somehow?