Does Istio RBAC require mTLS?

Hey guys,
Simple question here, but I cannot find a clear answer: does Istio RBAC need mTLS to be enabled?
Because it’s not clearly mentioned (it is said that you need to have a cluster with strict TLS, though).
Thanks.

“strict” TLS is referring to the mTLS mode: https://istio.io/docs/reference/config/istio.authentication.v1alpha1/#MutualTls

Yes, RBAC requires mTLS and/or JWT when you need to restrict access to authenticated identities (even namespaces).

To add a bit on this, RBAC could work independently without mTLS/JWT if you don’t use any identities from mTLS/JWT. This is not very common but could still be useful in some cases; for example, you can deny requests based on their source IP or some custom header values.

Understood! Thanks :)
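The distinction made in the answers above, as an added configuration example that is not part of the original thread: one rule that depends on an mTLS identity next to one that does not. It assumes the newer `security.istio.io/v1beta1` `AuthorizationPolicy` and `PeerAuthentication` resources rather than the v1alpha1 RBAC API the thread refers to, and every name in it (namespace `shop`, app `orders`, service account `frontend`, header `x-debug`, the CIDR) is hypothetical.

```yaml
# 1) Enforce mTLS for the namespace so peer identities are available.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop            # hypothetical namespace
spec:
  mtls:
    mode: STRICT
---
# 2) Identity-based rule: depends on mTLS. "principals" is read from the
#    peer certificate; without mTLS it is empty and this rule never matches.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders            # hypothetical workload label
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET"]
---
# 3) Identity-free rule: evaluated without mTLS or JWT.
#    The two rules are ORed: deny on source IP, or on a header value.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-deny-ip-or-header
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: DENY
  rules:
  - from:
    - source:
        ipBlocks: ["203.0.113.0/24"]     # constructed documentation range
  - when:
    - key: request.headers[x-debug]      # hypothetical header
      values: ["true"]
```

Source IP and header conditions are only as trustworthy as the network path: the sidecar may see a load balancer's or proxy's address rather than the client's, and headers are set by the caller, so these rules suit coarse filtering rather than authentication.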