Secure your service mesh with Istio and keep an eye on it with Kiali

  • August 4, 2019
It is important to fine-tune the set of services that a workload has access to. It is a good practice to give the least privilege. In that sense, we should grant permissions to each workload to communicate with exactly the services it needs to access.

This also helps reduce the attack surface if a workload in our mesh is compromised: a workload that can only reach the services it needs cannot be used to reach anything else.

Unwanted requests between services

For example, a developer could contact the ratings service directly instead of going through the reviews service. Let's simulate this by sending requests from productpage to the ratings service:

export PRODUCTPAGE_POD=$(kubectl get pod -l app=productpage -o jsonpath={.items..metadata.name})
kubectl exec -it $PRODUCTPAGE_POD -c productpage -- python -c 'import requests; r = requests.get("http://ratings:9080/ratings/0"); print(r); print(r.json())'

You should get a similar message letting you know that the request succeeded:

{u'ratings': {u'Reviewer2': 4, u'Reviewer1': 5}, u'id': 0}

After waiting a few seconds, we can refresh the graph in Kiali and see the request from productpage to ratings.
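The following is an added example (not part of the original post) of how the least-privilege rule described above can be enforced so that only the reviews workload may call ratings. It uses Istio's AuthorizationPolicy and PeerAuthentication resources and assumes the Bookinfo sample is deployed in the default namespace with its default service accounts (bookinfo-reviews, bookinfo-productpage); the policy name and namespace are assumptions, so adjust them to your mesh.

```yaml
# Added example, not from the original post. Assumes the Bookinfo sample in the
# "default" namespace with service account "bookinfo-reviews" for the reviews pods.
#
# Strict mTLS is required: the sidecar derives source.principal from the peer
# certificate. Without it the principal is empty, no rule matches, and even
# reviews -> ratings would be denied (a common failure mode when testing).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: default
spec:
  mtls:
    mode: STRICT
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ratings-allow-reviews-only   # assumed name
  namespace: default
spec:
  # Apply only to the ratings pods
  selector:
    matchLabels:
      app: ratings
  # Once any ALLOW policy selects a workload, requests matching no rule are
  # rejected with HTTP 403 "RBAC: access denied", so productpage -> ratings
  # is now blocked while reviews -> ratings keeps working.
  action: ALLOW
  rules:
  - from:
    - source:
        # SPIFFE identity of the reviews service account
        principals: ["cluster.local/ns/default/sa/bookinfo-reviews"]
    to:
    - operation:
        methods: ["GET"]
        paths: ["/ratings/*"]
```

Apply it with `kubectl apply -f` and re-run the exec command above from the productpage pod: the response is now a 403 with the body `RBAC: access denied`, while the reviews pods can still fetch ratings. After a few seconds the Kiali graph shows the failing responses on the productpage to ratings edge, which is the visual confirmation that the policy is doing its job.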

Source: medium.com
