Authenticated TLS and access control for all services (aka service mesh)
vlamy opened this issue · 0 comments
vlamy commented
Objectives
- Each service can be authenticated via TLS
- Traffic between services is encrypted with TLS (make sub-issues for AMQP and protobuf)
- We can control the mesh topology of service access (i.e. explicitly allow who can connect to whom)
What is a service mesh?
Introduction to the service mesh problem: https://www.youtube.com/watch?v=mxeMdl0KvBI
Implementation using Consul Connect
So as to reach the objectives, Voogle will rely on Consul Connect as Squarescale integrated services.
Tasks
- Enable Consul Connect on the environment
- Set up Consul Connect and Vault (initialise PKI, etc.)
- Use in production
Demo
- Set up a demo of the Voogle service mesh, based on observability, logs and dynamic setup of service access control (for instance, disable some access between services and show that this does not work anymore).