Security and compliance
How are my services secured?
Service Mesh Manager uses the mutual TLS (mTLS) feature of Istio for service-to-service authentication and traffic encryption. In Service Mesh Manager, you can manage mTLS settings between services from the CLI or the UI, at the mesh-wide, namespace-wide, and service-specific levels.
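In plain Istio, these three scopes correspond to PeerAuthentication resources. The following is an added example, not taken from the Service Mesh Manager documentation; it assumes Istio's default root namespace `istio-system`, and the `legacy` namespace, the `app: payments` label, and port 9090 are constructed for illustration.

```yaml
# Added example; resource names, namespaces and labels are constructed.
# Assumes Istio's default root namespace, istio-system.
---
# Mesh-wide: a policy named "default" in the root namespace with no
# selector applies to every workload in the mesh.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT          # reject plaintext service-to-service traffic
---
# Namespace-wide: overrides the mesh-wide policy for one namespace.
# PERMISSIVE accepts both mTLS and plaintext, so treat it as a temporary
# migration setting and track where it is still in place.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: legacy        # hypothetical namespace
spec:
  mtls:
    mode: PERMISSIVE
---
# Service-specific: the selector narrows the policy to matching workloads
# and takes precedence over the namespace-wide policy above.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: payments-strict
  namespace: legacy
spec:
  selector:
    matchLabels:
      app: payments        # hypothetical workload label
  mtls:
    mode: STRICT
  portLevelMtls:
    9090:                  # hypothetical port that must still accept plaintext
      mode: PERMISSIVE
```

Istio applies the most specific matching policy: a workload selector wins over the namespace-wide policy, which wins over the mesh-wide one.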
Does Service Mesh Manager use its own authentication system?
No, Service Mesh Manager leverages Kubeconfig, the official client libraries, and the Kubernetes API to perform authentication and authorization for its users.
If you’re allowed to add, edit, or delete specific Istio custom resources, you have the same permissions in Service Mesh Manager.
The Service Mesh Manager installer provides a way, mainly for demo and tryout purposes, to disable user authentication and use its own service account token for all communication with the Kubernetes API server.
What’s the story on access and visibility control?
By default, authentication is required to access the Service Mesh Manager UI. Observability features are available to every authenticated user, while access to control features depends on the authenticated user’s RBAC permissions.