This chapter covers
- Where to perform user authentication and authorization in a microservice system
- Deciding on the level of trust in your microservice system
- Limiting microservice-to-microservice requests
- Using an API Gateway to authenticate users
- Using Kubernetes network policies to limit microservice-to-microservice requests

Up to this point in the book, we've ignored security, but for most systems, security is an important concern that needs careful attention. This chapter discusses how to address security concerns in a microservice system. In a monolith, the monolith itself performs user authentication and authorization; there is, after all, only the monolith to do those things. In a microservice system, several microservices are involved in answering most user requests, so the question is this: which ones are responsible for authentication, and which ones are responsible for authorization? You must also ask how much the microservices can trust each other: