...
- External communication:
- Components expose (external) interfaces to Ingress
- Encryption on Ingress (optional)
- Internal communication:
- Service Mesh enabled
- No TLS port encryption on pods
- Direct encrypted inter-component communication (via sidecars)
Solution using Istio (all components deployed on one k8s cluster):
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| border | true |
|---|---|
| diagramName | dia-4 |
| simpleViewer | false |
| width | 400 |
| links | auto |
| tbstyle | top |
| lbox | true |
| diagramWidth | 801 |
| revision | 3 |
Solution Solution using Istio (all components deployed on different k8s clusters):
Alternative future solution using eBPF via Cilium:
https://cilium.io/blog/2020/11/10/ebpf-future-of-networking/
https://ebpf.io/
...