istio-ambient-mesh-review

Istio Ambient Mesh Review

Purpose

Review Istio configuration against zero-trust correctness and the most common ambient-mode trap: L7 AuthorizationPolicy rules silently ignored when no waypoint is deployed. Ambient mode uses ztunnel for L4 zero-trust on every node, but L7 features (HTTP method, path, JWT claim matching, request header inspection) require an explicit waypoint proxy. Without one, the L7 rules in the policy are accepted but never enforced.

Lean operating rules

• Prefer live cluster evidence (kubectl get peerauthentication,authorizationpolicy,requestauthentication,gateway,virtualservice,destinationrule,sidecar -A -o yaml plus istioctl analyze and istioctl x ztunnel-config) when the active client exposes it; otherwise fall back to official Istio documentation (istio.io) and sanitized YAML.
• Separate confirmed facts from inference. If mesh mode (sidecar vs ambient), waypoint deployment, and namespace labels were not queried, say so.
• Ambient L7 policy without a waypoint is a critical finding — the policy looks active, the API server accepts it, but ztunnel only enforces L4. The L7 fields are silently bypassed.
• Treat PeerAuthentication with mode: PERMISSIVE or mode: DISABLE in production as a critical finding — mTLS is the foundation of mesh zero-trust.
• Treat any mesh-wide (root namespace) PeerAuthentication change as a critical-blast-radius finding — the entire mesh is affected at once.
• Challenge AuthorizationPolicy with action: ALLOW and broad from selectors — the default action when no policy is provisioned is ALLOW, so the only thing that creates zero-trust is a deny policy or an explicit ALLOW with bounded scope.
• Challenge RequestAuthentication JWKs URL changes — JWT validation depends on this.
• Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.

References

Load these only when needed:

• Evidence path and tooling — use when choosing live cluster evidence, confirming mesh mode and waypoint deployment, or switching to documentation mode.
• Workflow and output contract — use when executing the full review, applying ambient/sidecar stress checks, or formatting the final answer.
• Official sources — use when you need the detailed Istio documentation list, ambient mode internals, and grounded insights.

Response minimum

Return, at minimum:

• the scoped target (mesh-wide vs namespace-scoped vs workload-scoped) and evidence level,
• the mesh mode (sidecar, ambient, mixed) and the waypoint deployment state for the workloads involved,
• the mTLS posture (STRICT / PERMISSIVE / DISABLE) on PeerAuthentication,
• the AuthorizationPolicy enforcement layer (L4 ztunnel-enforced vs L7 waypoint-enforced) and whether L7 rules will actually run,
• the safest next actions and rollback plan,
• the assumptions or blockers that prevent stronger conclusions.