My application consists of four microservices. (hr, salary, stock and employee). Users of the application access the "hr" service using http. To fulfill this request the hr microservice communicates with other 3 and sends back a response to the user.
I had deployed this application (4 micro-services) in a kubernetes cluster.
Then I wanted to learn Istio so I set up the same application on a mutual TLS enabled environment and set up http ingress gateway for external access. Now all my services have a sidecar which mandates mTLS communication and external user accesses this using an ingress gateway.
Can you please help me understand what sort of security advantages I introduced by moving to the Istio based deployment? What are the attack points did I just closed? Please point them as scenarios since I'm new to the security landscape.
