Service mesh implementations help move critical application networking functionality out of the applications and into the infrastructure. With a service mesh like Istio, for example, you can move complicated traffic routing, resiliency aspects, and top-line metric collection out of the application code. This helps you build complicated distributed systems a bit more safely. But can Istio help with solving security issues?
Christian Posta explores some of the ways Istio helps you build more secure systems with mutual TLS, OAuth 2.0, and JSON Web Token verification. Security starts with defining trust boundaries and establishing identities. Istio helps do this by leveraging SPIFFE to assign identity and lay the foundation for zero-trust application networking. Istio then leverages this identity to take over the issuance and management of workload identity documents (e.g., X.509 certificates), which can then be used to provide client authentication and mTLS. Istio also helps with OAuth flows, JWT verification, RBAC/ABAC, and much more.
You may be drawn into using Istio for its traffic management functionality, but most customers Christian works with find themselves much more interested in the security aspects once they learn what they can do with it. Join in to see for yourself.
Christian Posta is field CTO at solo.io, where he helps companies create and deploy large-scale, resilient, distributed architectures—many of what we now call serverless and microservices. Previously, Christian spent time at web-scale companies. He’s well known in the community as an author—of Istio in Action (Manning) and Microservices for Java Developers (O’Reilly)—a frequent blogger, a speaker, an open source enthusiast, and a committer on various open source projects, including Istio and Kubernetes. He enjoys mentoring, training, and leading teams to be successful with distributed systems concepts, microservices, DevOps, and cloud native application design. You can find Christian on Twitter as @christianposta.
©2018, O'Reilly Media, Inc.