CAO 2.1 support for Istio


I read CAO 2.1 introduces full support for Istio. Since Couchbase natively supports TLS, I am trying to understand, what is the purpose of providing support for Istio? Can someone help understand this?


With Istio you define the policy for you entire enterprise in a single place. Every application is then forced to adhere to that policy.

If you used individual TLS configuration for every application in your enterprise, having to manage certificate issue and rotation on a per-app basis, that’s a lot of time and money wasted. Security policies could be allowed to differ between applications and that makes auditing a nightmare.


Then, would it mean that Couchbase native TLS and Istio, both would not co-exist in an env, is that correct?

That is correct, and running them together doesn’t work, so that decision is made for you :smiley:

1 Like