Enforcing TLS within your service mesh – Implementing Traffic Management, Security, and Observability with Istio-3

As we can see, we get an HTTP 404 response from the posts, reviews, and users microservices. The ratings microservice returns a 403 Forbidden response, and the mongodb service reports that the resource is unavailable. This means that our setup is working correctly.

Let’s try the same with the posts microservice:
$ kubectl -n blog-app exec -it $(kubectl get pod -n blog-app | \
  grep posts | awk {'print $1'}) -- /bin/sh
/ # wget mongodb:27017
Connecting to mongodb:27017 (10.68.0.18:27017)
saving to 'index.html'
index.html 100% || 85 0:00:00 ETA
'index.html' saved
/ # wget ratings:5000
Connecting to ratings:5000 (10.71.242.178:5000)
wget: server returned error: HTTP/1.1 403 Forbidden
/ # wget reviews:5000
Connecting to reviews:5000 (10.71.244.177:5000)
wget: server returned error: HTTP/1.1 403 Forbidden
/ # wget users:5000
Connecting to users:5000 (10.71.241.255:5000)
wget: server returned error: HTTP/1.1 403 Forbidden
/ # exit
command terminated with exit code 1

As we can see, the posts microservice can communicate successfully with mongodb, but the rest of the microservices return 403 Forbidden. This is what we were expecting. Now, let’s do the same with the reviews microservice:
$ kubectl -n blog-app exec -it $(kubectl get pod -n blog-app | \
  grep reviews | awk {'print $1'}) -- /bin/sh
/ # wget ratings:5000
Connecting to ratings:5000 (10.71.242.178:5000)
wget: server returned error: HTTP/1.1 404 Not Found
/ # wget mongodb:27017
Connecting to mongodb:27017 (10.68.0.18:27017)
saving to 'index.html'
index.html 100% |**| 85 0:00:00 ETA
'index.html' saved
/ # wget users:5000
Connecting to users:5000 (10.71.241.255:5000)
wget: server returned error: HTTP/1.1 403 Forbidden
/ # exit
command terminated with exit code 1

As we can see, the reviews microservice can successfully connect with the ratings microservice and mongodb, while getting a 403 response from other microservices. This is what we expected. Now, let’s check the ratings microservice:
$ kubectl -n blog-app exec -it $(kubectl get pod -n blog-app \
  | grep ratings | awk {'print $1'}) -- /bin/sh
/ # wget mongodb:27017
Connecting to mongodb:27017 (10.68.0.18:27017)
saving to 'index.html'
index.html 100% || 85 0:00:00 ETA
'index.html' saved
/ # wget ratings:5000
Connecting to ratings:5000 (10.71.242.178:5000)
wget: server returned error: HTTP/1.1 403 Forbidden
/ # exit
command terminated with exit code 1

As we can see, the ratings microservice can only connect successfully with the mongodb database and gets a 403 response for other services.
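
The three sessions above can be turned into a repeatable check. The following shell script is an added example, not code from the book: it encodes the allow-list the sessions demonstrate and flags any observed result that contradicts it. The `ALLOWED` list, the function names, and the `src dst|result` record format are assumptions made for this example; 403 is read as a policy denial and a saved file or a 404 as a request that reached the workload, matching how the text interprets them.

```shell
#!/bin/sh
# Added example: check observed wget results against the intended allow-list.
# Pairs (source:destination) the sessions on this page show as permitted.
ALLOWED="posts:mongodb reviews:ratings reviews:mongodb ratings:mongodb"

# Map one wget result line to a verdict, following the page's reading:
# 403 = denied; file saved or 404 from the app = request reached the workload.
classify() {
  case "$1" in
    *"403 Forbidden"*) echo deny ;;
    *"saved"*|*"404 Not Found"*) echo allow ;;
    *) echo unknown ;;
  esac
}

# Read "src dst|result line" records on stdin, print each mismatch,
# and return non-zero if any record contradicts the allow-list.
check_matrix() {
  bad=0
  while IFS='|' read -r pair line; do
    [ -n "$pair" ] || continue
    src=${pair% *}; dst=${pair#* }
    want=deny
    case " $ALLOWED " in *" $src:$dst "*) want=allow ;; esac
    got=$(classify "$line")
    if [ "$got" != "$want" ]; then
      echo "MISMATCH $src -> $dst: expected $want, observed $got"
      bad=1
    fi
  done
  return "$bad"
}

# Results taken from the posts, reviews and ratings sessions on this page.
observed() {
  cat <<'EOF'
posts mongodb|'index.html' saved
posts ratings|wget: server returned error: HTTP/1.1 403 Forbidden
posts reviews|wget: server returned error: HTTP/1.1 403 Forbidden
posts users|wget: server returned error: HTTP/1.1 403 Forbidden
reviews ratings|wget: server returned error: HTTP/1.1 404 Not Found
reviews mongodb|'index.html' saved
reviews users|wget: server returned error: HTTP/1.1 403 Forbidden
ratings mongodb|'index.html' saved
ratings ratings|wget: server returned error: HTTP/1.1 403 Forbidden
EOF
}

observed | check_matrix && echo "observed results match the intended policy"
```

Any result the classifier cannot place (for example a timeout or a different status code) is reported as `unknown` and therefore as a mismatch, so a silently broken policy does not pass the check.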

Now that we’ve tested all the services, the setup is working fine. We’ve secured our microservices to a great extent! Now, let’s look at another aspect of managing microservices with Istio – traffic management.
