You're reading from Microservices with Spring Boot 3 and Spring Cloud, Third Edition Build resilient and scalable microservices using Spring Cloud, Istio, and Kubernetes

Product type Paperback

Published in Aug 2023

Publisher Packt

ISBN-13 9781805128694

Length 706 pages

Edition 3rd Edition

Languages

Java

Tools

Istio

Concepts

Microservices

Author (1):

Magnus Larsson AB

View More author details

Table of Contents (26) Chapters

Preface

1. Introduction to Microservices

2. Introduction to Spring Boot FREE CHAPTER

3. Creating a Set of Cooperating Microservices

4. Deploying Our Microservices Using Docker

5. Adding an API Description Using OpenAPI

6. Adding Persistence

7. Developing Reactive Microservices

8. Introduction to Spring Cloud

9. Adding Service Discovery Using Netflix Eureka

10. Using Spring Cloud Gateway to Hide Microservices behind an Edge Server

11. Securing Access to APIs

12. Centralized Configuration

13. Improving Resilience Using Resilience4j

14. Understanding Distributed Tracing

15. Introduction to Kubernetes

16. Deploying Our Microservices to Kubernetes

17. Implementing Kubernetes Features to Simplify the System Landscape

18. Using a Service Mesh to Improve Observability and Management

19. Centralized Logging with the EFK Stack

20. Monitoring Microservices

21. Installation Instructions for macOS

22. Installation Instructions for Microsoft Windows with WSL 2 and Ubuntu

23. Native-Complied Java Microservices

24. Other Books You May Enjoy

25. Index

Securing a service mesh

In this section, we will learn how to use Istio to improve the security of a service mesh. We will cover the following topics:

How to protect external endpoints with HTTPS and certificates
How to require that external requests are authenticated using OAuth 2.0/OIDC access tokens
How to protect internal communication using mutual authentication (mTLS)

Let’s now understand each of these in the following sections.

Protecting external endpoints with HTTPS and certificates

From the Setting up access to Istio services and Content in the _istio_base.yaml template sections, we learned that the gateway objects use a TLS certificate stored in a Secret named hands-on-certificate for its HTTPS endpoints.

The Secret is created by the cert-manager based on the configuration in the istio-system Helm chart. The chart’s template, selfsigned-issuer.yaml, is used to define an internal self-signed CA and has the following...