In chapter 4, we covered admitting traffic into the mesh, including some ways to secure that traffic. Here, we take a closer look at transparently improving the security posture of a services-based architecture by using the capabilities of the service mesh.
Istio is secure by default. In this chapter, we see what that means, how it works, how service-to-service and end-user authentication are implemented, and what access control we have over services in the service mesh. Before getting to the features, we give a brief refresher on security topics; see appendix C for more detailed information about how security works in Istio.