Web Development
Reader small image

You're reading from  Mastering Service Mesh

Product typeBook
Published inMar 2020
Reading LevelIntermediate
PublisherPackt
ISBN-139781789615791
Edition1st Edition
Languages
Go
Tools
Kubernetes
Concepts
Microservices
Right arrow
Authors (2):
Anjali Khatri
Anjali Khatri
author image
Anjali Khatri

Anjali Khatri is an enterprise cloud architect at DivvyCloud, advancing the cloud-native growth for the company by helping customers maintain security and compliance for resources running on AWS, Google, Azure, and other cloud providers. She is a technical leader in the adoption, scaling, and maturity of DivvyCloud's capabilities. In collaboration with product and engineering, she works with customer success around feature request architecture, case studies, account planning, and continuous solution delivery. Prior to Divvycloud, Anjali worked at IBM and Merlin. She has 9+ years of professional experience in program management for software development, open source analytics sales, and application performance consulting.
Read more about Anjali Khatri

Vikram Khatri
Vikram Khatri
author image
Vikram Khatri

Vikram Khatri is the chief architect of Cloud Pak for Data System at IBM. Vikram has 20 years of experience leading and mentoring high-performing, cross-functional teams to deliver high-impact, best-in-class technology solutions. Vikram is a visionary thought leader when it comes to architecting large-scale transformational solutions from monolithic to cloud-native applications that include data and AI. He is an industry-leading technical expert with a track record of leveraging deep technical expertise to develop solutions, resulting in revenues exceeding $1 billion over 14 years, and is also a technology subject matter expert in cloud-native technologies who frequently speaks at industry conferences and trade shows.
Read more about Vikram Khatri

View More author details
Right arrow

Exploring the Security Features of Linkerd

Linkerd provides mutual TLS for service-to-service communication. The securing of communication between services is an out-of-the-box capability and is enabled by default. In this chapter, we will explore Linkerd automatic encryption of TLS communication through sidecar proxies. It shows an important feature for which we do not have to write a single line of code in the application. Since we're running on Kubernetes, there are options for selecting an ingress controller. We will focus on the nginx controller because it is easy to set up, it secures the communication, and it allows certificate rotations.

In a nutshell, we will be learning about the following topics in this chapter:

  • Understanding mTLS traffic checks for proxy-to-proxy communication
  • Installing and deploying Smallstep for leaf certificates and key authority
  • Setting...

Technical requirements

This chapter has a dependency on Chapter 15, Installing Linkerd. You must complete the hands-on exercises of Chapter 15, Installing Linkerd, dealing with the following:

  • Setting up Linkerd
  • Installing a control plane
  • Deploying the booksapp and emojivoto applications

Make sure that you are in the proper Linkerd scripts directory.

$ cd ~/ # Switch to home directory
$ cd linkerd/scripts

For a complete understanding of Linkerd, we also recommend you complete the hands-on exercises from Chapter 16, Exploring the Reliability Features of Linkerd.

Let's explore how mTLS in Linkerd can be used to authenticate and authorize communication for microservices.

Setting up mTLS on Linkerd

Refer to the Enabling mutual TLS within the mesh section of Chapter 11, Exploring Istio's Security Features, for a detailed discussion of mTLS.

Linkerd has made mTLS accessible and straightforward through the use of sidecar proxies by using ephemeral (short-lived) leaf certificates. It automatically uses mTLS across host boundaries to encrypt HTTP and gRPC communication between microservices that are using Linkerd as sidecar proxies. There is no need for any code at the microservice level to handle the TLS communication as the Linkerd control plane takes care of it automatically. Linkerd frees up developers' time for not having to secure communication between microservices.

Since the Linkerd sidecar proxy is attached to a container within the same pod, the existing microservice can have unencrypted (HTTP) communication. Between a service,...

Summary

As we have seen in this chapter, the Linkerd control plane ships with a Certificate Authority (CA) called identity and sidecar proxies. Sidecars run alongside each microservice and receive certificates from the identity CA—which ties to a Kubernetes service account. The sidecar proxies automatically upgrade all communication between edges of the mesh to encrypted TLS connections.

Linkerd leaves it up to you to configure your ingress gateway to secure communications to the edge services of the applications in the Kubernetes cluster. There are choices of ingress controllers that you can use. In the examples of this chapter, we used the nginx ingress gateway to secure the communication and steps to rotate the certificates.

In the next chapter, we will explore the observability features in Linkerd. We will explain the process of metrics collection through sidecar...

Questions

  1. The TLS between service-to-service communication is fully automated in Linkerd.

A) True
B) False

  1. The TLS between the ingress gateway and edge service of the application is fully automated in Linkerd.

A) True
B) False

  1. The linkerd-identity component of the control plane of Linkerd is the Certificate Authority (CA) for the data plane proxies.

A) True
B) False

  1. linkerd-identity automatically rotates the certificates for linkerd-proxy in the data plane.

A) True
B) False

  1. linkerd-identity automatically rotates the certificate for its own CA.

A) True
B) False

  1. You can use trusted certificates of your own CA for linkerd-identity at the time of install only.

A) True
B) False

  1. You can change the trusted certificate of the control plane at any time, but that requires reinstallation of the control plane.

A) True
B) False

Further reading

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 23 of 31
Next Chapter
You have been reading a chapter from
Mastering Service Mesh
Published in: Mar 2020Publisher: PacktISBN-13: 9781789615791
© 2020 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Authors (2)

author image
Anjali Khatri

Anjali Khatri is an enterprise cloud architect at DivvyCloud, advancing the cloud-native growth for the company by helping customers maintain security and compliance for resources running on AWS, Google, Azure, and other cloud providers. She is a technical leader in the adoption, scaling, and maturity of DivvyCloud's capabilities. In collaboration with product and engineering, she works with customer success around feature request architecture, case studies, account planning, and continuous solution delivery. Prior to Divvycloud, Anjali worked at IBM and Merlin. She has 9+ years of professional experience in program management for software development, open source analytics sales, and application performance consulting.
Read more about Anjali Khatri

author image
Vikram Khatri

Vikram Khatri is the chief architect of Cloud Pak for Data System at IBM. Vikram has 20 years of experience leading and mentoring high-performing, cross-functional teams to deliver high-impact, best-in-class technology solutions. Vikram is a visionary thought leader when it comes to architecting large-scale transformational solutions from monolithic to cloud-native applications that include data and AI. He is an industry-leading technical expert with a track record of leveraging deep technical expertise to develop solutions, resulting in revenues exceeding $1 billion over 14 years, and is also a technology subject matter expert in cloud-native technologies who frequently speaks at industry conferences and trade shows.
Read more about Vikram Khatri

Other recommended products

Related to this chapter

kubectl: Command-Line Kubernetes in a Nutshell

kubectl: Command-Line Kubernetes in a Nutshell

Kubernetes is a de facto container orchestration system. To manage Kubernetes, you must understand how to work with kubectl, its command-line tool that lets you interact with your clusters to deploy applications and manage their lifecycle. This book is a comprehensive introduction for those who are new to Kubernetes management via the command line.

BookNov 2020136 pages
Kubernetes - A Complete DevOps Cookbook

Kubernetes - A Complete DevOps Cookbook

Kubernetes is one of the most popular, sophisticated, and fast-evolving container orchestrators. In this book, you’ll learn the essentials and find out about the advanced administration and orchestration techniques in Kubernetes. Readers will also learn to manage containers using the latest version of Kubernetes with a recipe-based approach.

BookMar 2020584 pages
Mastering Kubernetes

Mastering Kubernetes

This new third edition of Mastering Kubernetes, updated with the latest tools and code, explores the newest features in Kubernetes 1.18 throughout the book to fully leverage the modularity and flexibility that Kubernetes offers to build and run large scale distributed applications.

BookJun 2020642 pages
Kubernetes Cookbook

Kubernetes Cookbook

Kubernetes is one of the most popular, sophisticated, and fast-evolving container orchestrators. In this book, you’ll learn the essentials and find out about the advanced administration in Kubernetes. We’ll take you through a step-by-step hands-on approach, which will familiarize you with the Kubernetes ecosystem.

BookMay 2018554 pages
Kubernetes Design Patterns and Extensions

Kubernetes Design Patterns and Extensions

Kubernetes is an open source platform that automates scaling, deployment, and management of container-based applications. The book starts by explaining basics about container orchestration and then moves on to explain how the components of a complex system, such as Kubernetes, interact with each other and helps develop vital skills for troubleshooting Kubernetes clusters and applications running in Kubernetes clusters. Once you are done reading the book, you can easily develop and deploy your own applications with Kubernetes in no time.

BookSep 2018106 pages
Hands-On Kubernetes on Azure

Hands-On Kubernetes on Azure

This book will help readers to Deploy web applications securely in Microsoft Azure with docker container and having the need for clustering services to achieve high availability, dynamic scalability, and to monitor applications

BookMar 2019258 pages
Kubernetes for Developers

Kubernetes for Developers

Kubernetes provides a means to describe what your application needs and how it should run by orchestrating containers on your behalf to operate your software across a single, dozens, or hundreds of machines. Originally created and open sourced from Google, you can use their technology to help run, test, and scale your applications regardless of which cloud provider you use, or even running it locally on your own hardware. This book will show you how to take advantage of this amazing technology by introducing the key concepts and walking you through examples in both NodeJS and Python.

BookApr 2018374 pages
Practical Site Reliability Engineering

Practical Site Reliability Engineering

This book will help you to comprehensively understand the various facets and factors involved in progressing your career in Site Reliability Engineering (SRE). Enterprise and cloud IT teams and software engineers will learn to adopt the SRE concepts and culture in a simplified and streamlined fashion.

BookNov 2018390 pages
Hands-On Microservices with Kubernetes

Hands-On Microservices with Kubernetes

Hands-on Microservices with Kubernetes will help you create a complete CI/CD pipeline and design and implement microservices using best practices. You will get hands on experience with the latest and greatest technologies, such as gRPC APIs, serverless frameworks, and service meshes.

BookJul 2019502 pages
Microservices with Spring Boot and Spring Cloud

Microservices with Spring Boot and Spring Cloud

This book takes you through tried and tested approaches to building distributed systems and implementing microservices architecture. It follows a single real-world project from start to finish, using Spring Boot, Spring Cloud, and a full suite of related tools and frameworks for development, security, testing, and deployment.

BookJul 2021774 pages5
Cloud Native with Kubernetes

Cloud Native with Kubernetes

Cloud Native with Kubernetes will guide you effectively - from your first steps using Kubernetes right up to running enterprise-grade cloud native applications with best practices. The book covers every aspect of deploying, securing, and operating modern cloud native applications on Kubernetes.

BookJan 2021446 pages
The DevOps 2.4 Toolkit

The DevOps 2.4 Toolkit

The DevOps Toolkit 2.4 is a deep exploration of continuous delivery and deployment in Kubernetes using Jenkins. It shows readers how to build, test, and deploy applications in Kubernetes using fully automated Jenkins pipelines.

BookNov 2019398 pages

Personalised recommendations for you

Based on your interests and search pattern

Modernizing Drupal 10 Theme Development

Modernizing Drupal 10 Theme Development

Modernizing Drupal 10 Theme Development covers everything a frontend developer or a Drupal developer needs to know about the Drupal 10 theme layer. Using real-world examples, this book will help you to build up from an empty theme to a fast, responsive, maintainable, and accessible Drupal website in both monolithic and decoupled ways.

BookAug 2023360 pages4
Full Stack Development with Spring Boot 3 and React

Full Stack Development with Spring Boot 3 and React

Full Stack Development with Spring Boot 3 and React contains a wealth of practical guidance for picking up full stack development. The step-by-step exploration of everything from dependency injection, ORM with Hibernate, and JWTs to RESTful APIs, UI styling, and TypeScript will help you to develop the Spring Boot and React skills you need.

BookOct 2023454 pages5
Modern API Development with Spring 6 and Spring Boot 3

Modern API Development with Spring 6 and Spring Boot 3

This practical guide teaches inexperienced Java programmers and web developers how to design, develop, test, and deploy highly scalable and maintainable APIs using REST, gRPC, GraphQL, and reactive programming paradigms with Java and Spring Boot. Complete with real-world examples, it will guide you to build enterprise-level APIs and services.

BookSep 2023494 pages1
Hands-On Web Scraping with Python

Hands-On Web Scraping with Python

This book guides you to discover and extract quality data from the web using Python libraries such as requests, lxml, pyquery, scrapy, and to use effective scraping techniques. It’ll help you master the fundamentals and advanced concepts of web scraping and apply your skills to real-world data extraction tasks, with analysis and visualization.

BookOct 2023324 pages
Mastering Blazor WebAssembly

Mastering Blazor WebAssembly

Mastering Blazor WebAssembly is a comprehensive, practical guide that’ll help you to develop advanced web applications. By combining real-world experience with the thorough knowledge needed to build Blazor apps in a masterful fashion, this book enables you to efficiently manage cross-platform mobile development with .NET MAUI and Blazor.

BookAug 2023370 pages4
Mastering Blazor WebAssembly

Mastering Blazor WebAssembly

Mastering Blazor WebAssembly is a comprehensive, practical guide that’ll help you to develop advanced web applications. By combining real-world experience with the thorough knowledge needed to build Blazor apps in a masterful fashion, this book enables you to efficiently manage cross-platform mobile development with .NET MAUI and Blazor.

BookAug 2023370 pages3
Full Stack Web Development with Remix

Full Stack Web Development with Remix

Unlock the power of the web platform and cutting-edge technologies for your React applications using Remix to take advantage of the full stack to create a great user experience. This book is a complete resource covering the conventions, levers, and primitives of Remix and illustrates concepts through a real-world project.

BookNov 2023318 pages
Real-World Svelte

Real-World Svelte

This book is a must-have guide to unlocking Svelte's true potential. You’ll learn about advanced component development, efficient coding, and powerful UI patterns using actions. With a focus on state management, custom stores, and renderless components, this book equips you to build exceptional web apps with lightning-fast performance.

BookDec 2023282 pages3
Building Micro Frontends with React 18

Building Micro Frontends with React 18

This book is a step-by-step guide to building production-grade, highly scalable, and performant web apps using multi-SPA and micro apps patterns, where you’ll learn to deal with complexities related to micro frontends. The book is a full life cycle guide to building, deploying, and managing micro frontends in a cloud-native environment.

BookOct 2023218 pages
Drupal 10 Masterclass

Drupal 10 Masterclass

This all-in-one guide helps you get up and running with building Drupal applications using the latest Drupal 10 features. You’ll develop a complete practical understanding of Drupal frontend, backend, architecture, content management, themes, and modules to deliver a rich user experience by creating custom Drupal apps.

BookDec 2023310 pages
Full-Stack Flask and React

Full-Stack Flask and React

This book teaches you how to build simple yet efficient production-ready web applications. Starting with an introduction to React, this book will equip you with deeper knowledge of Flask and React technology stacks to undertake web application development with confidence.

BookOct 2023408 pages5
Full-Stack Flask and React

Full-Stack Flask and React

This book teaches you how to build simple yet efficient production-ready web applications. Starting with an introduction to React, this book will equip you with deeper knowledge of Flask and React technology stacks to undertake web application development with confidence.

BookOct 2023408 pages2