Peer Authentication for workload without sidecar

Aravind · July 2, 2020, 8:19am

kubernetes version 1.17
istio version 1.5.2

we are currently bringing up 1 workload without sidecar and remaining 3 workload with sidecar in a same namespace.
And we have created peerauthentication for all the 4 work-loads.
Want to know whether setting peerauthentication to PERMISSIVE on the workload without sidecar will have any effect on traffic from and to this workload.

William_Li · July 6, 2020, 3:27am

cc @YangminZhu, @incfly take a look.

please whether setting peerauthentication to PERMISSIVE on the workload without sidecar will have any effect on traffic from and to this workload.

incfly · July 6, 2020, 4:55pm

No. Policy either peer authentication or the authorization only enforce at the workloads with sidecar. otherwise Istio can’t control the enforcement point.

Aravind · July 6, 2020, 5:45pm

hi @incfly,

is it applicable to service entry also ?? (For workload without sidecar).

Topic		Replies	Views
Is it possible that an identical PeerAuthentication could result in two different network environments? Security	3	545	July 29, 2020
Istio mTLS with pod without sidecar Networking	0	575	January 19, 2022
How to connect to pods with sidecar from pod without sidecar? Security security	4	2057	May 16, 2022
Problem accessing services without a sidecar from pods with a sidecar	2	3244	July 4, 2019
Authenticating peer service Security	4	463	October 13, 2020

Peer Authentication for workload without sidecar

Related topics