This tutorial shows how to expose and secure a workload using Istio's built-in security features. You will expose the workload by creating a VirtualService. Then, you will secure access to your workload by adding the JWT validation verified by the Istio security configuration with Authorization Policy and Request Authentication.

Prerequisites

• Sample HttpBin service and sample Function deployed
• JSON Web Token (JWT).
• Set up your custom domain or use a Kyma domain instead.

• Depending on whether you use your custom domain or a Kyma domain, export the necessary values as environment variables:

  • Custom domain
  • Kyma domain

Expose your workload using a Virtual Service

Follow the instructions in the tabs to expose the HttpBin workload or the Function using a VirtualService.

Secure a workload or the Function using a JWT

To secure the HttpBin workload or the Function using a JWT, create a Request Authentication with Authorization Policy. Workloads with the matchLabels parameter specified require a JWT for all requests. Follow the instructions in the tabs: