Web Development
Reader small image

You're reading from  Mastering Service Mesh

Product typeBook
Published inMar 2020
Reading LevelIntermediate
PublisherPackt
ISBN-139781789615791
Edition1st Edition
Languages
Go
Tools
Kubernetes
Concepts
Microservices
Right arrow
Authors (2):
Anjali Khatri
Anjali Khatri
author image
Anjali Khatri

Anjali Khatri is an enterprise cloud architect at DivvyCloud, advancing the cloud-native growth for the company by helping customers maintain security and compliance for resources running on AWS, Google, Azure, and other cloud providers. She is a technical leader in the adoption, scaling, and maturity of DivvyCloud's capabilities. In collaboration with product and engineering, she works with customer success around feature request architecture, case studies, account planning, and continuous solution delivery. Prior to Divvycloud, Anjali worked at IBM and Merlin. She has 9+ years of professional experience in program management for software development, open source analytics sales, and application performance consulting.
Read more about Anjali Khatri

Vikram Khatri
Vikram Khatri
author image
Vikram Khatri

Vikram Khatri is the chief architect of Cloud Pak for Data System at IBM. Vikram has 20 years of experience leading and mentoring high-performing, cross-functional teams to deliver high-impact, best-in-class technology solutions. Vikram is a visionary thought leader when it comes to architecting large-scale transformational solutions from monolithic to cloud-native applications that include data and AI. He is an industry-leading technical expert with a track record of leveraging deep technical expertise to develop solutions, resulting in revenues exceeding $1 billion over 14 years, and is also a technology subject matter expert in cloud-native technologies who frequently speaks at industry conferences and trade shows.
Read more about Vikram Khatri

View More author details
Right arrow

Service Mesh Interface and SPIFFE

As the service mesh concept continues to evolve, a Service Mesh Interface (SMI) specification is emerging, which provides interoperability between different service meshes. Kubernetes has already made network and storage extensible through the Container Network Interface (CNI) and Container Storage Interface (CSI) specifications. In the same spirit, the SMI specification, though new, has started to gain traction from different service mesh providers.

This chapter will introduce you to the evolving SMI specification and the SPIFFE specification, which provide secure naming conventions for the services running in a Kubernetes environment.

In this chapter, we will cover the following topics:

  • SMI
  • SPIFFE

SMI

The SMI is a specification standard for portable APIs for interoperability between service mesh providers. Brendan Burns proposed the SMI in May 2019 for a common standard along the lines of CNI, CSI, and OCI, which are the abstraction interface standards for network, storage, and containers for Kubernetes.

As service meshes continue to gain momentum in order to provide an infrastructure layer on top of modern cloud-native applications, the need for a SMI specification is arising. Gabe Monroy announced the launch of the SMI in May 2019 with the launch of an open source project (https://smi-spec.io/) in collaboration with Istio, Linkerd, and Consul.

SMI intends to support tooling through an abstraction layer for frameworks such as Weavework's Flagger (https://github.com/weaveworks/flagger) and Rancher Labs' Rio (https://rio.io and https://github.com/rancher/rio...

SPIFFE

Secure Production Identity Framework for Everyone (SPIFFEhttps://spiffe.io) was inspired by a few brilliant engineers due to their need to remove application-level authentication and network-level access control configuration. Joe Beda, one of the creators of Kubernetes, was the original author of the SPIFFE specification.

SPIFFE started as open source in 2016 for securely identifying software systems in dynamic and heterogeneous environments. It is mainly about establishing trust in a complex distributed environment where workloads are dynamically scaled and scheduled to run on any node in a cluster. The workloads using SPIFFE identify themselves with each other by looking at URIs such as spiffe://trust-domain/path, which are defined in a Subject Alternative Name (SAN) field in X.509 certificates.

SPIFFE's runtime environment is called the SPIFFE Runtime...

Summary

In this chapter, we learned how the service mesh is evolving and that the SMI is in its infancy. It is worth mentioning that the SMI, in terms of standards and abstraction, plays an important role for different service providers so that they can use a common standard. We also covered SPIFFE as a specification, which provides a secure naming convention for the workload so that it can be run in a zero-trust network. Istio has implemented SPIFFE through its control plane to provide a security infrastructure where a certificate's time-to-live could be as small as 15 minutes and maintain the PKI as a self-service model.

From this point on, we'll look at each of the different service mesh implementations. However, before we do that, we will build a demo environment so that we can practice using each of the service meshes on our own Windows laptop or Apple MacBook...

Questions

  1. SPIFFE is a specification and not a toolset.

A) True
B) False

  1. SMI is an alternative to service mesh providers.

A) True
B) False

  1. Only Istio and Consul use SPIFFE at the moment.

A) True
B) False

  1. Istio does not use SPIRE, but it has its implementation.

A) True
B) False

Further reading

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 8 of 31
Next Chapter
You have been reading a chapter from
Mastering Service Mesh
Published in: Mar 2020Publisher: PacktISBN-13: 9781789615791
© 2020 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Authors (2)

author image
Anjali Khatri

Anjali Khatri is an enterprise cloud architect at DivvyCloud, advancing the cloud-native growth for the company by helping customers maintain security and compliance for resources running on AWS, Google, Azure, and other cloud providers. She is a technical leader in the adoption, scaling, and maturity of DivvyCloud's capabilities. In collaboration with product and engineering, she works with customer success around feature request architecture, case studies, account planning, and continuous solution delivery. Prior to Divvycloud, Anjali worked at IBM and Merlin. She has 9+ years of professional experience in program management for software development, open source analytics sales, and application performance consulting.
Read more about Anjali Khatri

author image
Vikram Khatri

Vikram Khatri is the chief architect of Cloud Pak for Data System at IBM. Vikram has 20 years of experience leading and mentoring high-performing, cross-functional teams to deliver high-impact, best-in-class technology solutions. Vikram is a visionary thought leader when it comes to architecting large-scale transformational solutions from monolithic to cloud-native applications that include data and AI. He is an industry-leading technical expert with a track record of leveraging deep technical expertise to develop solutions, resulting in revenues exceeding $1 billion over 14 years, and is also a technology subject matter expert in cloud-native technologies who frequently speaks at industry conferences and trade shows.
Read more about Vikram Khatri

Other recommended products

Related to this chapter

kubectl: Command-Line Kubernetes in a Nutshell

kubectl: Command-Line Kubernetes in a Nutshell

Kubernetes is a de facto container orchestration system. To manage Kubernetes, you must understand how to work with kubectl, its command-line tool that lets you interact with your clusters to deploy applications and manage their lifecycle. This book is a comprehensive introduction for those who are new to Kubernetes management via the command line.

BookNov 2020136 pages
Kubernetes - A Complete DevOps Cookbook

Kubernetes - A Complete DevOps Cookbook

Kubernetes is one of the most popular, sophisticated, and fast-evolving container orchestrators. In this book, you’ll learn the essentials and find out about the advanced administration and orchestration techniques in Kubernetes. Readers will also learn to manage containers using the latest version of Kubernetes with a recipe-based approach.

BookMar 2020584 pages
Mastering Kubernetes

Mastering Kubernetes

This new third edition of Mastering Kubernetes, updated with the latest tools and code, explores the newest features in Kubernetes 1.18 throughout the book to fully leverage the modularity and flexibility that Kubernetes offers to build and run large scale distributed applications.

BookJun 2020642 pages
Kubernetes Cookbook

Kubernetes Cookbook

Kubernetes is one of the most popular, sophisticated, and fast-evolving container orchestrators. In this book, you’ll learn the essentials and find out about the advanced administration in Kubernetes. We’ll take you through a step-by-step hands-on approach, which will familiarize you with the Kubernetes ecosystem.

BookMay 2018554 pages
Kubernetes Design Patterns and Extensions

Kubernetes Design Patterns and Extensions

Kubernetes is an open source platform that automates scaling, deployment, and management of container-based applications. The book starts by explaining basics about container orchestration and then moves on to explain how the components of a complex system, such as Kubernetes, interact with each other and helps develop vital skills for troubleshooting Kubernetes clusters and applications running in Kubernetes clusters. Once you are done reading the book, you can easily develop and deploy your own applications with Kubernetes in no time.

BookSep 2018106 pages
Hands-On Kubernetes on Azure

Hands-On Kubernetes on Azure

This book will help readers to Deploy web applications securely in Microsoft Azure with docker container and having the need for clustering services to achieve high availability, dynamic scalability, and to monitor applications

BookMar 2019258 pages
Kubernetes for Developers

Kubernetes for Developers

Kubernetes provides a means to describe what your application needs and how it should run by orchestrating containers on your behalf to operate your software across a single, dozens, or hundreds of machines. Originally created and open sourced from Google, you can use their technology to help run, test, and scale your applications regardless of which cloud provider you use, or even running it locally on your own hardware. This book will show you how to take advantage of this amazing technology by introducing the key concepts and walking you through examples in both NodeJS and Python.

BookApr 2018374 pages
Practical Site Reliability Engineering

Practical Site Reliability Engineering

This book will help you to comprehensively understand the various facets and factors involved in progressing your career in Site Reliability Engineering (SRE). Enterprise and cloud IT teams and software engineers will learn to adopt the SRE concepts and culture in a simplified and streamlined fashion.

BookNov 2018390 pages
Hands-On Microservices with Kubernetes

Hands-On Microservices with Kubernetes

Hands-on Microservices with Kubernetes will help you create a complete CI/CD pipeline and design and implement microservices using best practices. You will get hands on experience with the latest and greatest technologies, such as gRPC APIs, serverless frameworks, and service meshes.

BookJul 2019502 pages
Microservices with Spring Boot and Spring Cloud

Microservices with Spring Boot and Spring Cloud

This book takes you through tried and tested approaches to building distributed systems and implementing microservices architecture. It follows a single real-world project from start to finish, using Spring Boot, Spring Cloud, and a full suite of related tools and frameworks for development, security, testing, and deployment.

BookJul 2021774 pages5
Cloud Native with Kubernetes

Cloud Native with Kubernetes

Cloud Native with Kubernetes will guide you effectively - from your first steps using Kubernetes right up to running enterprise-grade cloud native applications with best practices. The book covers every aspect of deploying, securing, and operating modern cloud native applications on Kubernetes.

BookJan 2021446 pages
The DevOps 2.4 Toolkit

The DevOps 2.4 Toolkit

The DevOps Toolkit 2.4 is a deep exploration of continuous delivery and deployment in Kubernetes using Jenkins. It shows readers how to build, test, and deploy applications in Kubernetes using fully automated Jenkins pipelines.

BookNov 2019398 pages

Personalised recommendations for you

Based on your interests and search pattern

Modernizing Drupal 10 Theme Development

Modernizing Drupal 10 Theme Development

Modernizing Drupal 10 Theme Development covers everything a frontend developer or a Drupal developer needs to know about the Drupal 10 theme layer. Using real-world examples, this book will help you to build up from an empty theme to a fast, responsive, maintainable, and accessible Drupal website in both monolithic and decoupled ways.

BookAug 2023360 pages4
Full Stack Development with Spring Boot 3 and React

Full Stack Development with Spring Boot 3 and React

Full Stack Development with Spring Boot 3 and React contains a wealth of practical guidance for picking up full stack development. The step-by-step exploration of everything from dependency injection, ORM with Hibernate, and JWTs to RESTful APIs, UI styling, and TypeScript will help you to develop the Spring Boot and React skills you need.

BookOct 2023454 pages5
Modern API Development with Spring 6 and Spring Boot 3

Modern API Development with Spring 6 and Spring Boot 3

This practical guide teaches inexperienced Java programmers and web developers how to design, develop, test, and deploy highly scalable and maintainable APIs using REST, gRPC, GraphQL, and reactive programming paradigms with Java and Spring Boot. Complete with real-world examples, it will guide you to build enterprise-level APIs and services.

BookSep 2023494 pages1
Hands-On Web Scraping with Python

Hands-On Web Scraping with Python

This book guides you to discover and extract quality data from the web using Python libraries such as requests, lxml, pyquery, scrapy, and to use effective scraping techniques. It’ll help you master the fundamentals and advanced concepts of web scraping and apply your skills to real-world data extraction tasks, with analysis and visualization.

BookOct 2023324 pages
Mastering Blazor WebAssembly

Mastering Blazor WebAssembly

Mastering Blazor WebAssembly is a comprehensive, practical guide that’ll help you to develop advanced web applications. By combining real-world experience with the thorough knowledge needed to build Blazor apps in a masterful fashion, this book enables you to efficiently manage cross-platform mobile development with .NET MAUI and Blazor.

BookAug 2023370 pages4
Mastering Blazor WebAssembly

Mastering Blazor WebAssembly

Mastering Blazor WebAssembly is a comprehensive, practical guide that’ll help you to develop advanced web applications. By combining real-world experience with the thorough knowledge needed to build Blazor apps in a masterful fashion, this book enables you to efficiently manage cross-platform mobile development with .NET MAUI and Blazor.

BookAug 2023370 pages3
Full Stack Web Development with Remix

Full Stack Web Development with Remix

Unlock the power of the web platform and cutting-edge technologies for your React applications using Remix to take advantage of the full stack to create a great user experience. This book is a complete resource covering the conventions, levers, and primitives of Remix and illustrates concepts through a real-world project.

BookNov 2023318 pages
Real-World Svelte

Real-World Svelte

This book is a must-have guide to unlocking Svelte's true potential. You’ll learn about advanced component development, efficient coding, and powerful UI patterns using actions. With a focus on state management, custom stores, and renderless components, this book equips you to build exceptional web apps with lightning-fast performance.

BookDec 2023282 pages3
Building Micro Frontends with React 18

Building Micro Frontends with React 18

This book is a step-by-step guide to building production-grade, highly scalable, and performant web apps using multi-SPA and micro apps patterns, where you’ll learn to deal with complexities related to micro frontends. The book is a full life cycle guide to building, deploying, and managing micro frontends in a cloud-native environment.

BookOct 2023218 pages
Drupal 10 Masterclass

Drupal 10 Masterclass

This all-in-one guide helps you get up and running with building Drupal applications using the latest Drupal 10 features. You’ll develop a complete practical understanding of Drupal frontend, backend, architecture, content management, themes, and modules to deliver a rich user experience by creating custom Drupal apps.

BookDec 2023310 pages
Full-Stack Flask and React

Full-Stack Flask and React

This book teaches you how to build simple yet efficient production-ready web applications. Starting with an introduction to React, this book will equip you with deeper knowledge of Flask and React technology stacks to undertake web application development with confidence.

BookOct 2023408 pages5
Full-Stack Flask and React

Full-Stack Flask and React

This book teaches you how to build simple yet efficient production-ready web applications. Starting with an introduction to React, this book will equip you with deeper knowledge of Flask and React technology stacks to undertake web application development with confidence.

BookOct 2023408 pages2