4 Anthos Service Mesh: Security and observability at scale

 

Onofrio Petragallo

This chapter covers

  • Sidecar proxy and proxyless architectures
  • Introducing the main features of Istio
  • Security and observability with Istio
  • Exploring Anthos Service Mesh
  • A practical example with code

One of the key aspects of being cloud native is breaking up your application into microservices. An application that may once have run on a single server now consists of multiple services, backed by multiple Pods, running as separate components. As applications scale out their services, it becomes difficult to troubleshoot the problems you encounter with the application. This added complexity calls for a tool that helps organize, secure, and add resilience to the expanding set of microservices. Another important problem is that enterprises often have a huge number of microservices and aren't always able to control, manage, and observe them, which is something a service mesh could fix.

In this chapter, we will discuss Anthos Service Mesh (ASM) and the features that ASM inherits from Istio (https://istio.io/), a popular open source framework for creating, managing, and implementing a service mesh.

4.1 Technical requirements

4.2 What is a service mesh?

4.3 An introduction to Istio

4.3.1 Istio architecture

4.3.2 Istio traffic management

4.3.3 Istio security

4.3.4 Istio observability

4.4 What is Anthos Service Mesh?

4.5 Installing ASM

4.5.1 Sidecar proxy injection

4.5.2 Uniform observability

4.5.3 Operational agility

4.5.4 Policy-driven security

4.6 Conclusion