Tuesday, October 26, 2021
Adoption of Service Mesh is rising and deploying Service Mesh on multiple clusters (on premise, in the cloud, in different clouds, ...) is becoming a standard requirement. But it's also introducing new challenges: - how to ensure each service has a unique identity across the clusters - how to secure the communications between the clusters - how to manage RBAC globally In this talk, I'll focus on Istio and show how to overcome these challenges. I'll introduce SPIFFE and explain how to use trust domains and service accounts to ensure a unique identity globally. I'll also demonstrate how service discovery can be performed natively or using a third party solution, how to simplify cross cluster communications and allow service failover. Finally, I'll cover how a global RBAC can be put in place."