Istio comes with a number of features. Because Thought Machine Vault workloads run inside the
Istio service mesh, they receive those features by default ('out of the box').
We use the following features 'out of the box':
• mutual TLS (mTLS) for inter-service communication: Vault services inside the service
mesh are configured with mTLS enabled (PERMISSIVE by default), which secures the
communication between services.
• HTTP, HTTP/2, and gRPC load balancing: Vault services make use of gRPC (Google
Remote Procedure Call) communications internally. Load balancing of this traffic can be
offloaded to the high-performing Istio Envoy proxy using simple name settings in
the Kubernetes Service of each workload.
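
As an added illustration (not taken from Thought Machine's own manifests), the two features above correspond to the following Istio and Kubernetes settings: the mTLS mode on a PeerAuthentication resource, and the port name on a Service. The namespace, resource names, labels and port numbers are hypothetical.

```yaml
# Namespace-wide policy in PERMISSIVE mode: sidecars accept both
# mTLS and plaintext connections from clients.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: vault-example            # hypothetical namespace
spec:
  mtls:
    mode: PERMISSIVE
---
# Workload-level policy in STRICT mode: the sidecar of the selected
# workload rejects plaintext and accepts only mTLS connections.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: example-grpc-service-strict   # hypothetical name
  namespace: vault-example
spec:
  selector:
    matchLabels:
      app: example-grpc-service       # hypothetical label
  mtls:
    mode: STRICT
---
# Istio reads the protocol from the Service port name, written as
# <protocol> or <protocol>-<suffix>, or from the appProtocol field.
# A port declared as gRPC is balanced per request by Envoy; a port
# treated as plain TCP is balanced per connection, which pins a
# long-lived gRPC channel to a single backend pod.
apiVersion: v1
kind: Service
metadata:
  name: example-grpc-service          # hypothetical name
  namespace: vault-example
spec:
  selector:
    app: example-grpc-service
  ports:
    - name: grpc-api                  # "grpc" prefix selects gRPC handling
      port: 8080                      # hypothetical port
      targetPort: 8080
      appProtocol: grpc               # explicit alternative to the name prefix
```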