Istio Service Mesh

Enforce mTLS using Rafay's Managed Service Mesh

Earlier this week, we provided "hands-on, labs based training" for approximately 25 technologists on the recently introduced "Managed Service Mesh" capability in the Rafay Kubernetes Operations Platform.

Here's what we set up for the enablement session:

  • Each attendee was provided with their own Kubernetes cluster.
  • We spun up 25 Kubernetes clusters on Digital Ocean just a few hours before the session.
  • Each attendee had their own dedicated "project" in the "Training" Org.

25 Training Clusters


Background

Adopting a Zero Trust security model is becoming a standard operational requirement for applications. One of the important aspects of this model is the use of mutual TLS (mTLS) to ensure that all communication between services is mutually authenticated and strongly encrypted.

Application teams commonly find themselves having to deal with this at the 11th hour. At this point, it is either "too late" to retrofit their application business logic or the legacy containerized application is not capable of being retrofitted. The service mesh's sidecar-based enforcement approach is a perfect solution for scenarios like this, because the sidecar proxy handles mTLS on the application's behalf and the application code does not have to change.

Sidecar