New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authenticated TLS and access control for all services (aka service mesh) #601

Open

4 tasks

vlamy opened this issue Aug 18, 2022 · 0 comments

Open

4 tasks

Authenticated TLS and access control for all services (aka service mesh) #601

vlamy opened this issue Aug 18, 2022 · 0 comments

Labels

security squarescale stage 2023

Contributor

vlamy commented Aug 18, 2022 •

edited

Loading

Objectives

Each service can be authenticated via TLS
Traffic between services is crypted with TLS (make sub issues for AMQP and protobuf)
We can control the mesh topology of services access (i.e. explicitly allow who can connect to who)

What is a service Mesh ?

Introduction to service mesh problem : https://www.youtube.com/watch?v=mxeMdl0KvBI

Implementation using consul connect

So as to reach the objectives, Voogle will rely on Consul connect as Squarescale integrated services.

Tasks

Enable Consul connect on the environment
Setup Consul Connect and Vault (initialise PKI, etc...)
Use in production

Demo

Setup a demo of Voogle service Mesh, based on Observability, logs and dynamic setup of services access control (by instance disable some access between services and show that this does not work anymore).

vlamy added security stage 2023 squarescale labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment