Security
mTLS, SPIFFE/SPIRE, zero-trust authorization, certificate management, and hardening service-to-service communications.
Cross-Account Istio Resource Management with IRSA: Secure Multi-Cluster Operations
Master cross-account Istio management using IAM Roles for Service Accounts (IRSA). Complete guide to securely managing service mesh resources across AWS accounts and Kubernetes clusters.
Tamper Detection at the Istio Gateway Layer
Learn how to detect and prevent tampering of incoming traffic at the Istio Gateway layer using mTLS, JWT validation, and custom authorization policies.
HMAC in Istio: Series 2/2 - Advanced Scenarios, Debugging, and Performance
Series 2/2 of our HMAC series: Explore advanced HMAC scenarios in Istio, debugging HMAC failures, performance optimization, and key rotation best practices.
HMAC in Istio: Series 1/2 - Understanding HMAC and Its Role in mTLS
Series 1/2 of our HMAC series: Learn how HMAC (Hash-Based Message Authentication Code) works and how Istio uses it to guarantee message authenticity and integrity in mTLS connections.
Using Custom JWT Claims for Authorization in Istio Gateway
How to extract custom claims from JWT tokens and use them for fine-grained authorization in Istio Gateway. Complete examples with audience claims, tenant IDs, roles, and permissions.
Building a Custom ext_authz Server for Istio: From Code to Production
How Envoy's ext_authz protocol works, why it's the right approach for custom authorization in Istio, and a complete walkthrough of building and deploying a gRPC ext_authz server.
The Definitive Guide to Debugging mTLS in Istio
Systematic approach to diagnosing mTLS handshake failures, certificate issues, and RBAC policy mismatches in Istio — with runbooks and real error messages.