Just rather new to Istio, so bear with me as I’m trying to understand from a conceptual point of view. I’ve set up PeerAuthentication successfully in a couple of namespaces and this all works as expected. I can also work with RequestAuthorization without any problems.
Allowing clients from a certain principal on the mTLS/Peer side is done from the AuthorizationPolicy as well, by specifying the mTLS principal, right? So having a STRICT policy on PeerAuthentication guarantees the identity, which in turn enables the specification and the authenticity of the principal?
I want to make sure I can control who’s able to access whom as a first line of control using mTLS. More fine-grained control can be done using RequestAuthorization with JWT and an AuthorizationPolicy on requestPrincipals.
Is this a sane strategy? Or am I approaching this backwards?
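The layering the question describes, written out as an added example that is not part of the original post: a STRICT PeerAuthentication so that a caller's SPIFFE identity is cryptographically bound, an AuthorizationPolicy that admits only one workload principal, and a RequestAuthentication plus a requestPrincipals rule for the end-user JWT. The namespaces (`payments`, `shop`), service-account names, `app` labels, the issuer and the JWKS URI are assumed values chosen for illustration.

```yaml
# Added example, not from the original post. Namespaces, service accounts,
# labels, issuer and jwksUri are assumed values.
---
# 1) STRICT mTLS for every workload in the namespace: plaintext is refused,
#    so the peer identity cluster.local/ns/<ns>/sa/<serviceaccount> can be
#    trusted by the policies below.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments
spec:
  mtls:
    mode: STRICT
---
# 2) Validate end-user JWTs presented to the ledger workload. A request with
#    an invalid token is rejected here; a request with no token passes this
#    step but carries no requestPrincipal, so the policy below still blocks
#    it on paths that require one.
apiVersion: security.istio.io/v1
kind: RequestAuthentication
metadata:
  name: ledger-jwt
  namespace: payments
spec:
  selector:
    matchLabels:
      app: ledger
  jwtRules:
  - issuer: "https://auth.example.com"
    jwksUri: "https://auth.example.com/.well-known/jwks.json"
---
# 3) One ALLOW policy with two rules. Both rules pin the caller to the
#    checkout workload's mTLS identity (first line of control); the write
#    rule additionally requires a valid token from the trusted issuer
#    (requestPrincipals are "<issuer>/<subject>"). Anything not matched by
#    either rule is denied, because an ALLOW policy exists for the workload.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: ledger-access
  namespace: payments
spec:
  selector:
    matchLabels:
      app: ledger
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/checkout"]
    to:
    - operation:
        methods: ["GET"]
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/checkout"]
        requestPrincipals: ["https://auth.example.com/*"]
    to:
    - operation:
        methods: ["POST", "PUT", "DELETE"]
```

One caveat worth keeping in mind with this layout: Istio unions all ALLOW policies that select a workload, so a separate, broader ALLOW for the same principal (for example one without a `to` clause) would let writes through without a token. Keep the mTLS-only rule and the JWT rule in the same policy, or express the token requirement as a DENY policy using `notRequestPrincipals: ["*"]` on the write methods, so that no later ALLOW can widen it.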