Securing Cloud Native Workloads with Istio

By Gufran Mirza

Elevator Pitch

Robust, transparent, and secure communication between services is absolutely crucial.

In this talk, we will explore how to secure communication between services with TLS/mTLS encryption: securing the ingress and egress gateways and cross-service traffic, and blocking unwanted traffic and ports.

Description

Istio allows fine-grained control of communication between services through dynamic routing. It offers resilience features that protect inter-service communication against network faults and cascading failures, as well as extensive telemetry for detailed analysis and tracing of service-to-service traffic.

In this talk, we will learn how to secure service-to-service communication within the cluster by enabling mTLS/TLS, and how to use namespace-wide authorization policies to control which services may talk to each other. We will deny unused ports and URL paths so that only the explicitly listed paths and ports are reachable.
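As an added illustration (not part of the talk material), the following manifests show the three pieces described above in Istio's own resource types: mesh-wide STRICT mTLS via a PeerAuthentication in the root namespace, a namespace-wide deny-all AuthorizationPolicy, and a narrower ALLOW policy that opens only one port and two URL path patterns to one caller. The namespace `shop`, the workloads `frontend` and `orders`, and the paths and port are assumed names for the example.

```yaml
# Added example, not from the talk. Namespace "shop", the "frontend" and
# "orders" workloads, port 8080 and the /api/orders paths are assumptions.

# 1. Mesh-wide mTLS. Placing the PeerAuthentication in the root namespace
#    (istio-system by default) applies it to every workload in the mesh.
#    STRICT rejects plaintext; PERMISSIVE would still accept it.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# 2. Namespace-wide deny-by-default. An AuthorizationPolicy with an empty
#    spec matches every workload in the namespace and, having no rules,
#    denies all requests. Everything must then be opened explicitly.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}
---
# 3. Explicit allow: only the frontend service account may reach the
#    orders workload, only on port 8080, only for the listed methods and
#    paths. Any other port or path on "orders" stays denied by policy 2.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: allow-frontend-to-orders
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        # SPIFFE identity of the caller, derived from its service account.
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        ports: ["8080"]
        methods: ["GET", "POST"]
        # "/api/orders/*" is a prefix match; "/api/orders" matches exactly.
        paths: ["/api/orders", "/api/orders/*"]
```

Two caveats a practitioner should check before relying on this: `principals` are only populated when the request arrived over mTLS, so the allow rule silently denies plaintext callers unless mTLS is actually STRICT (verify with `istioctl analyze` and by sending a plaintext request from a pod without a sidecar, which should be refused); and when both DENY and ALLOW policies match a workload, DENY policies are evaluated first, so an ALLOW rule cannot override an explicit DENY.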

We will configure the ingress gateways with different TLS termination modes, and block ingress traffic that does not satisfy the security requirements, such as minimum TLS version and ciphers, host and route matching, and request origin. We will then configure the egress gateways to make selected external services available within the service mesh, so that access to the public internet is allowed only for those destinations.
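As a second added example (again not from the talk), here is an ingress Gateway that terminates TLS with a minimum protocol version and redirects plaintext to HTTPS, alongside an egress configuration that switches the namespace to registry-only outbound traffic and registers a single external host. The hostname `shop.example.com`, the secret name `shop-example-com-cert`, the namespace `shop`, and the external host `api.github.com` are assumptions for the illustration.

```yaml
# Added example, not from the talk. Hostname, secret name, namespace and
# the external host are assumptions.

# 1. Ingress TLS termination. The Gateway selects the default ingress
#    gateway pods. Port 443 terminates TLS (SIMPLE = server-side cert
#    only; MUTUAL would also require a client cert) using a Kubernetes TLS
#    secret in the gateway's namespace, and refuses anything below TLS 1.3.
#    Port 80 only exists to redirect to HTTPS.
apiVersion: networking.istio.io/v1
kind: Gateway
metadata:
  name: shop-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - "shop.example.com"
    tls:
      mode: SIMPLE
      credentialName: shop-example-com-cert
      minProtocolVersion: TLSV1_3
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "shop.example.com"
    tls:
      httpsRedirect: true
---
# 2. Egress: deny unknown destinations. A Sidecar named "default" with no
#    workloadSelector applies to every sidecar in the namespace. With
#    REGISTRY_ONLY, outbound traffic to a host that is not in Istio's
#    service registry is dropped instead of being passed through.
apiVersion: networking.istio.io/v1
kind: Sidecar
metadata:
  name: default
  namespace: shop
spec:
  outboundTrafficPolicy:
    mode: REGISTRY_ONLY
---
# 3. Egress: explicitly register the one external host that is allowed.
#    Only this host becomes reachable from the namespace; anything else
#    on the public internet remains blocked by the Sidecar above.
apiVersion: networking.istio.io/v1
kind: ServiceEntry
metadata:
  name: github-api
  namespace: shop
spec:
  hosts:
  - api.github.com
  location: MESH_EXTERNAL
  resolution: DNS
  ports:
  - number: 443
    name: https
    protocol: TLS
```

The `hosts` entry on the Gateway is the first filter on request origin: a TLS handshake whose SNI does not match a listed host is rejected before any route is consulted, and a VirtualService bound to this Gateway still has to name the same host for traffic to reach a backend. To confirm the egress lock-down, exec into a pod in the namespace and curl an unregistered external host; it should fail, while `https://api.github.com` succeeds.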

Finally, we will show how to visualize the service mesh graph, traffic, and networking, including HTTP request metrics and request traces, along with helpful debugging tips using the Kiali UI.

These Istio concepts are explained and demonstrated using several microservice-based applications.

Notes

This talk is all about securing application workloads using Istio: securing the ingress and egress gateways, plus helpful debugging tips.