Chaos and Order

Chaos and Order https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Sat, 13 Jun 2026 00:00:00 GMT https://www.youngju.dev/blog/istio/2026-06-13-istio-security-mtls-authorization-practice.en Istio Security in Practice — mTLS, AuthorizationPolicy, and the Zero Trust Mesh https://www.youngju.dev/blog/istio/2026-06-13-istio-security-mtls-authorization-practice.en From the mesh security model built on SPIFFE identities and the istiod CA, through the PERMISSIVE-to-STRICT migration strategy for PeerAuthentication, least-privilege AuthorizationPolicy design, JWT end-user authentication, OPA external authorization, and custom CA integration with cert-manager — all with working YAML. Policy debugging with dry-run, compliance usage, and an adoption roadmap are covered as well. Sat, 13 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) istiomtlssecurityauthorizationpolicyzero-trustkubernetes https://www.youngju.dev/blog/istio/2026-06-13-istio-security-mtls-authorization-practice.ja Istioセキュリティ実践 — mTLS、AuthorizationPolicy、そしてゼロトラストメッシュ https://www.youngju.dev/blog/istio/2026-06-13-istio-security-mtls-authorization-practice.ja SPIFFEアイデンティティとistiod CAに基づくメッシュセキュリティモデルから、PeerAuthenticationのPERMISSIVEからSTRICTへの移行戦略、AuthorizationPolicyによる最小権限設計、JWTによるエンドユーザー認証、OPA外部認可、cert-managerによるカスタムCA統合まで、実践的なYAMLで整理します。dry-runを使ったポリシーデバッグ、コンプライアンス活用、導入ロードマップも扱います。 Sat, 13 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) istiomtlssecurityauthorizationpolicyzero-trustkubernetes https://www.youngju.dev/blog/istio/2026-06-13-istio-security-mtls-authorization-practice Istio 보안 실전 — mTLS, AuthorizationPolicy, 그리고 제로트러스트 메시 https://www.youngju.dev/blog/istio/2026-06-13-istio-security-mtls-authorization-practice SPIFFE 아이덴티티와 istiod CA 기반의 메시 보안 모델부터 PeerAuthentication의 PERMISSIVE에서 STRICT로의 전환 전략, AuthorizationPolicy 최소 권한 설계, JWT 최종 사용자 인증, OPA 외부 인가, cert-manager 커스텀 CA 통합까지 실전 YAML로 정리합니다. 정책 디버깅과 dry-run, 컴플라이언스 활용, 도입 로드맵도 다룹니다. Sat, 13 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) istiomtlssecurityauthorizationpolicyzero-trustkubernetes