JWT token validation with ISTIO
In this article I will show an implementation of JWT token usage with ISTIO. This means ISTIO will validate the JWT token between a service or services with the PUBLIC key. But to create the JWT token itself with RS256, we must create another service which will create and sign this token with the needed payload and expiry time.
In my case the requirement was to prepare a secure environment in an easy way between PUBLIC services. The topology is quite simple, as follows:
Before starting to implement JWT, we must create the PUBLIC and PRIVATE keys, which will be used to formulate the PUBLIC key for validating the JWT token and to create the TOKEN itself. We also deploy the test httpbin application inside the foo namespace. For a full implementation of JWT we must write another service which will be responsible for creating JWT tokens with the PRIVATE key. In our case we will use PYTHON code to do that, but for validation we will convert the PUBLIC key to the ISTIO CRD format which will be used by the RequestAuthentication istio object.
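The public-key conversion step described above, as an added example that is not the code from the article's repository. It assumes the RSA modulus has been read as hex from the public key, and the issuer, key id and policy names are hypothetical; it also emits an AuthorizationPolicy, because RequestAuthentication alone rejects only invalid tokens and still lets through requests that carry no token.

```python
import base64
import json


def int_b64u(value: int) -> str:
    """JWK integer encoding: big-endian, no leading zero byte, base64url, no padding."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def public_jwks(modulus_hex: str, exponent: int = 65537, kid: str = "demo-key") -> dict:
    """Build a JWKS that contains only the public parts (n, e) of the RSA key.

    modulus_hex is the value printed after "Modulus=" by
    `openssl rsa -pubin -in public.pem -noout -modulus` (public.pem is a hypothetical name).
    kid is a hypothetical key id; a token that carries a kid header must use the same value.
    """
    n = int(modulus_hex, 16)
    return {"keys": [{"kty": "RSA", "alg": "RS256", "use": "sig", "kid": kid,
                      "n": int_b64u(n), "e": int_b64u(exponent)}]}


def istio_manifests(jwks: dict, issuer: str, namespace: str = "foo", app: str = "httpbin") -> dict:
    """Return a List that `kubectl apply -f -` accepts as JSON."""
    selector = {"matchLabels": {"app": app}}
    # Validates any token that is present against the inline JWKS.
    authn = {"apiVersion": "security.istio.io/v1beta1", "kind": "RequestAuthentication",
             "metadata": {"name": f"{app}-jwt", "namespace": namespace},
             "spec": {"selector": selector,
                      "jwtRules": [{"issuer": issuer, "jwks": json.dumps(jwks)}]}}
    # Requires a validated principal, so requests with no token are denied.
    authz = {"apiVersion": "security.istio.io/v1beta1", "kind": "AuthorizationPolicy",
             "metadata": {"name": f"{app}-require-jwt", "namespace": namespace},
             "spec": {"selector": selector, "action": "ALLOW",
                      "rules": [{"from": [{"source": {"requestPrincipals": [f"{issuer}/*"]}}]}]}}
    return {"apiVersion": "v1", "kind": "List", "items": [authn, authz]}


if __name__ == "__main__":
    # Constructed stand-in modulus for the demo only; it is not a usable RSA key.
    demo_modulus = format((2**521 - 1) * (2**607 - 1), "x")
    jwks = public_jwks(demo_modulus)
    print(json.dumps(istio_manifests(jwks, "issuer@example.test"), indent=2))
```

The issuer passed here has to equal the iss claim that the token-signing service writes into the payload, otherwise the rule never matches.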
To achieve the goal, just follow the steps defined in this repository.
We can see a real simulation of all of this in this video
I hope it will be useful.