In part 1, we discussed peer authentication, which is service-to-service.

Request Authentication

In this article, we will explore Istio request authentication for end users using JWT.

Pre-requisite

  1. Cluster environment created with EKS or kOps
  2. kubectl installed
  3. Istio installed
  4. Public key to access the cluster nodes
  5. Private/public key pair for token generation/validation

Steps To Generate Public/Private Key Pair using openssl

As a sample, we will be using openssl for certificates. In reality, you may use CA-signed certificates.

openssl genrsa -out private-key.pem 2048
openssl rsa -in private-key.pem -pubout -out public-key.pem

Istio End User Authentication

For user authentication, a JWT should be set in the incoming request. Istio takes care of JWT validation. So if we…


Introduction

Istio is a service mesh for your microservices, which is designed for observability, routing, and resilience to traffic. It secures both north-south traffic and east-west traffic. North-south traffic is traffic entering (ingress) and exiting (egress) the service mesh. Istio handles north-south traffic through ingress and egress gateways, and traffic routing is managed by virtual services.

East-west traffic is traffic within the mesh, typically service-to-service. Istio's Envoy proxy manages east-west traffic, running as a sidecar in the Kubernetes pod of the service it is protecting.

Authentication

There are two types of authentication provided by Istio.

  • Peer Authentication
    For service-to-service authentication.
  • Request…

Introduction
Kubernetes is an open source orchestrator for deploying microservices.
Distributed tracing, also called distributed request tracing, is a method used to profile and monitor applications, especially those built using a microservices architecture. Distributed tracing helps pinpoint where failures occur and what causes poor performance.

In this article, we will set up distributed tracing with Jaeger for a Spring Boot application.

Key Terms in Distributed Tracing
Span

A logical unit of work in Jaeger, which provides the following key features:

  • Operation Name
  • Start Time of Operation
  • Duration of Operation

Trace
Data execution path through the system.

Baggage
Key-value pairs are…

Abirami T
