I have several Kubernetes clusters. Due to the company's security issues, only A 'service in Cluster A should be allowed to access B' Service in Cluster B. Can you handle such a case with istio?
Although it is possible to control the traffic using the header information in istio's virtualservice, the http header information can be manipulated at any time, which does not satisfy the security issue.
分享 Istio has a different federation with a single control plane or multiple control plane. you can check out below. the communication across network supported by MTLS so you can be assured it can't have tampered.
Shared control plane
https://istio.io/docs/setup/kubernetes/install/multicluster/shared-gateways/
Multiple control planes
https://istio.io/docs/setup/kubernetes/install/multicluster/gateways/
This is pretty new and under heavy development, so you can try them or simply use HTTPS communication when connecting across the network.
分享
