Peer Authentication for workload without sidecar

Aravind · July 2, 2020, 8:19am

kubernetes version 1.17
istio version 1.5.2

we are currently bringing up 1 workload without sidecar and remaining 3 workload with sidecar in a same namespace.
And we have created peerauthentication for all the 4 work-loads.
Want to know whether setting peerauthentication to PERMISSIVE on the workload without sidecar will have any effect on traffic from and to this workload.

William_Li · July 6, 2020, 3:27am

cc @YangminZhu, @incfly take a look.

please whether setting peerauthentication to PERMISSIVE on the workload without sidecar will have any effect on traffic from and to this workload.

incfly · July 6, 2020, 4:55pm

No. Policy either peer authentication or the authorization only enforce at the workloads with sidecar. otherwise Istio can’t control the enforcement point.

Aravind · July 6, 2020, 5:45pm

hi @incfly,

is it applicable to service entry also ?? (For workload without sidecar).