Part 3. Service-to-service communications

 

In part 2, you learned how to protect your microservices at the edge. After a request from a client application passes through the security at the edge and enters into your microservices deployment, you’ll need to secure the interactions among microservices. The chapters in this part of the book teach you those skills.

Chapter 6 teaches you how to secure communications among microservices that take place over HTTP, with mutual Transport Layer Security (mTLS).

In chapter 7, you’ll learn how to share contextual data (for example, the end-user context) among microservices by using JSON Web Token (JWT).

Not all microservices use JSON over HTTP for service-to-service interactions, and gRPC is already a popular pick as an alternative. Chapter 8 teaches you how to secure communications among microservices that take place over gRPC, with mTLS and JWT.

Chapter 9 teaches you how to secure reactive microservices. It also teaches you how to set up Kafka as a message broker, and how to enforce access-control policies for Kafka topics.

When you’re finished with this part of the book, you’ll know how to protect service-to-service communications in your microservices deployment that take place over HTTP or gRPC, as well as how to protect reactive microservices.