In part 1, we discussed peer authentication, which is service-to-service.
In this article we will explore Istio request authentication for end users using JWT.
For this sample, we will use openssl for certificates. In a real deployment you may use CA-signed certificates.
openssl genrsa -out private-key.pem 2048
openssl rsa -in private-key.pem -pubout -out public-key.pem
For user authentication, a JWT should be set in the incoming request. Istio takes care of JWT validation. So if we…
Istio is a service mesh for your microservices, which is designed for observability, routing, and resilience to traffic. It secures both north-south traffic and east-west traffic. North-south traffic is traffic entering (ingress) and exiting (egress) the service mesh. Istio handles north-south traffic through ingress and egress gateways, and traffic routing is managed by virtual services.
East-west traffic is traffic within the mesh, typically service-to-service. Istio’s Envoy proxy manages east-west traffic, running as a sidecar in the Kubernetes pod of the service it is protecting.
There are two types of authentication provided by Istio.
Kubernetes is an open-source orchestrator for deploying microservices.
Distributed tracing, also called distributed request tracing, is a method used to profile and monitor applications, especially those built using a microservices architecture. Distributed tracing helps pinpoint where failures occur and what causes poor performance.
In this article, we will set up a distributed tracing system using Jaeger for a Spring Boot application.
Key Terms in Distributed Tracing
Logical unit of work in Jaeger, which provides the following key features.
Data execution path through the system.
Key-value pairs are…