In Kubernetes, would Istio's mTLS help in stopping a lateral attack on other pods if a pod's security is compromised?


We have a K8s cluster where, for communication/networking, we are using Istio's service mesh with mTLS enabled. Currently there is no authentication between any services in our cluster, so any service can call any other service within the cluster.

So my doubt is: if one of my containers' security is somehow compromised, will mTLS help in stopping a lateral attack on other pods? As I see it, this is not possible with mTLS alone, and we will need some other way, maybe explicit authentication between services or a network policy.

Any doc/reference will be helpful.

Yvan G.

I agree with @Jonas that this community is for programming questions only. I believe the proper forum where you can share this question is serverfault. The link shared gives information on what types of questions you can ask.

However, to help you with this concern, you might want to check the security provided when you use mTLS. Based on this documentation, mTLS authenticates the server in a client-server communication, and the communication between client and server is encrypted.

But we also need to see the bigger picture of securing your Kubernetes environment. This link shows you various security features that you can use to secure your Kubernetes network environment. In my opinion, having these different security features in Kubernetes means mTLS alone might not be enough to secure your network from various lateral attacks.
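The question asks for "explicit authentication b/w services or network policy" on top of mTLS, and the answer points at Istio's wider security features. The following manifests are an added example, not part of the question, the answer, or the Istio project's own docs, showing how the mTLS identity that Istio issues to each pod can be turned into an explicit allow-list, with a Kubernetes NetworkPolicy underneath it as a second, independent layer. It goes a little beyond the question by also adding a namespace-wide deny-by-default. The namespace `shop`, the workloads `frontend` and `orders`, the service account `frontend`, the label `app`, and port 8080 are constructed names for this example.

```yaml
# Added example (not from the question or answer): Istio + Kubernetes policies that
# turn mesh identities into an explicit allow-list, so a compromised pod cannot reach
# services it was never meant to call. Namespace "shop", workloads "orders" and
# "frontend", and the service account "frontend" are constructed names.

# 1. Require mTLS for every workload in the namespace. Plaintext connections (e.g. from
#    a pod whose sidecar was bypassed) are rejected, so every caller carries an identity.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
---
# 2. Deny-by-default for the namespace. An empty AuthorizationPolicy matches no
#    request, so nothing is allowed until an explicit ALLOW rule says otherwise.
#    mTLS alone would still have let any authenticated pod through.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}
---
# 3. Only pods running as the "frontend" service account may call "orders", and only
#    GET/POST under /api/orders. A compromised pod under any other service account is
#    refused even though its sidecar presents a valid mesh certificate.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/api/orders*"]
---
# 4. Defence in depth at L3/L4, enforced by the CNI rather than the sidecar: only pods
#    labelled app=frontend may open a TCP connection to orders pods on port 8080.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: orders-ingress
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: orders
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080
```

Apply the file with `kubectl apply -f`. The two layers fail differently, which is useful when checking that the controls actually work: a request blocked by the AuthorizationPolicy is answered by the sidecar with HTTP 403 and appears in the sidecar's access log, whereas a connection blocked by the NetworkPolicy simply never completes. Note that a NetworkPolicy is only enforced if the cluster's CNI plugin implements it (Calico and Cilium do, plain flannel does not), so verify enforcement from a test pod rather than assuming it from the manifest.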