Istio - Security

1. Threat Model

  • mTLS Interception: By default, Istio leverages Citadel to dynamically rotate workload certificates (STRICT mode).
  • AuthorizationPolicies: Extends native Kubernetes RBAC with deep L7 inspection (blocking specific HTTP endpoints).
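
The two controls above written as Istio manifests. This is an added example, not configuration from the original page; the namespace `payments`, the label `app: ledger`, the service account `admin-cli` and the `/admin/*` path are hypothetical placeholders, and `istio-system` is assumed to be the mesh root namespace.

```yaml
# 1) Mesh-wide STRICT mTLS. A PeerAuthentication named "default" in the
#    root namespace applies to every workload in the mesh.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system        # assumed root namespace
spec:
  mtls:
    mode: STRICT                 # PERMISSIVE would also accept plaintext
---
# 2) L7 rule on one workload: deny the listed HTTP endpoints unless the
#    caller presents the expected workload identity. The principal is taken
#    from the peer certificate, so this rule depends on mTLS being enforced.
#    DENY policies are evaluated before ALLOW policies.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-admin-endpoints     # hypothetical name
  namespace: payments            # hypothetical namespace
spec:
  selector:
    matchLabels:
      app: ledger                # hypothetical workload label
  action: DENY
  rules:
  - from:
    - source:
        notPrincipals:
        - cluster.local/ns/payments/sa/admin-cli   # hypothetical identity
    to:
    - operation:
        methods: ["GET", "POST", "PUT", "DELETE"]
        paths: ["/admin/*"]      # hypothetical endpoint prefix
```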