fadaly.net/work/servicemeshaudit
SERVICE MESH
MESH.
22 services audited against Istio mTLS + NetworkPolicy baseline.
5 services accept plaintext alongside mTLS (permissive mode).
2 namespaces have no NetworkPolicy at all.
mTLS in permissive mode is mTLS theater.
SM-013 · checkout-service · ns: prod
PERMISSIVE
Istio mTLS mode PERMISSIVE since 2024 migration.
Move to STRICT, watch deny logs for 7d, document migration.
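The check behind a finding like SM-013, as an added example that is not the audit's own tooling: it resolves Istio's PeerAuthentication precedence (workload, then namespace, then mesh-wide) and lists namespaces with no NetworkPolicy. The manifests, the `app` labels, and the `cart-service` and `batch` names are constructed sample data, and port-level mTLS overrides are not handled.

```python
# Added example. All manifests below are constructed sample data.
ROOT_NS = "istio-system"  # Istio's default root namespace (assumed not overridden)

def _mode(p):
    m = p.get("spec", {}).get("mtls", {}).get("mode", "UNSET")
    return None if m == "UNSET" else m  # UNSET inherits from the wider scope

def _selector(p):
    return p.get("spec", {}).get("selector", {}).get("matchLabels")

def effective_mode(policies, ns, labels):
    """Resolve PeerAuthentication precedence: workload > namespace > mesh-wide."""
    in_ns = [p for p in policies if p["metadata"]["namespace"] == ns]
    for p in in_ns:  # 1. workload-scoped policy whose selector matches the pod labels
        sel = _selector(p)
        if sel and _mode(p) and all(labels.get(k) == v for k, v in sel.items()):
            return _mode(p)
    for p in in_ns:  # 2. namespace-wide policy (no selector)
        if not _selector(p) and _mode(p):
            return _mode(p)
    for p in policies:  # 3. mesh-wide policy in the root namespace
        if p["metadata"]["namespace"] == ROOT_NS and not _selector(p) and _mode(p):
            return _mode(p)
    return "PERMISSIVE"  # Istio's default when no policy sets a mode

def namespaces_without_netpol(namespaces, netpols):
    covered = {n["metadata"]["namespace"] for n in netpols}
    return sorted(set(namespaces) - covered)

POLICIES = [  # mesh-wide STRICT, overridden for one workload left from a migration
    {"metadata": {"name": "default", "namespace": "istio-system"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"metadata": {"name": "checkout-legacy", "namespace": "prod"},
     "spec": {"selector": {"matchLabels": {"app": "checkout-service"}},
              "mtls": {"mode": "PERMISSIVE"}}},
]
WORKLOADS = [("prod", "checkout-service", {"app": "checkout-service"}),
             ("prod", "cart-service", {"app": "cart-service"})]
NETPOLS = [{"metadata": {"name": "default-deny", "namespace": "prod"}}]
NAMESPACES = ["prod", "batch"]

def audit():
    not_strict = [f"{ns}/{name}" for ns, name, labels in WORKLOADS
                  if effective_mode(POLICIES, ns, labels) != "STRICT"]
    return not_strict, namespaces_without_netpol(NAMESPACES, NETPOLS)

if __name__ == "__main__":
    print(audit())
```

A mesh-wide STRICT policy does not clear the finding: the workload-scoped PERMISSIVE policy wins for `checkout-service`, which is why the audit has to resolve the effective mode per workload.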