{"id":3476,"date":"2022-07-13T11:00:12","date_gmt":"2022-07-13T05:30:12","guid":{"rendered":"https:\/\/www.cloudnowtech.com\/blog\/?p=3476"},"modified":"2022-07-13T11:00:12","modified_gmt":"2022-07-13T05:30:12","slug":"service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes","status":"publish","type":"post","link":"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/","title":{"rendered":"Service Mesh: The best way to Encrypt East-West traffic in Kubernetes"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">With their ability to simplify application processes and speed up development cycles, scale up efficiently, and provide enterprises with customizable software, organizations are increasingly migrating to microservices (<\/span><a href=\"https:\/\/hub.packtpub.com\/how-netflix-migrated-from-a-monolithic-to-a-microservice-architecture-video\/\"><span style=\"font-weight: 400;\">Netflix<\/span><\/a><span style=\"font-weight: 400;\"> and BBC being two cases in point, who moved from a monolithic to a microservices architecture).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In fact, the <\/span><a href=\"https:\/\/www.mordorintelligence.com\/industry-reports\/cloud-microservices-market#:~:text=Market%20Overview,period%20(2021%20%2D%202026).\"><span style=\"font-weight: 400;\">Cloud Microservices Market<\/span><\/a><span style=\"font-weight: 400;\"> was valued at USD 831.45 million in 2020 and is expected to reach USD 2701.36 million by 2026, registering a CAGR of approximately 21.7% over the forecast period.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But although microservices are growing significantly in popularity, the architecture is complex, especially in terms of inter-service communication and security. 
You\u2019ve got two types of communication or traffic here:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">East-west traffic (which refers to the transfer of data packets between servers within a cluster or between services), which is not secured in Kubernetes by default; and<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">North-south traffic (in and out of the network or from user to cluster, usually), which is secured by an API Gateway, API Management, or an Ingress Gateway<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Now, what organizations need is \u2018something\u2019 to direct this traffic to their endpoints. The service mesh is that crucial \u2018something\u2019 that allows developers to seamlessly connect, manage, and secure networks of different microservices, regardless of platform, source, or vendor.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">What is a service mesh?<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">A service mesh is a dedicated infrastructure layer for handling service-to-service communication and secure traffic management. It is most commonly used in Kubernetes for security, authentication, and authorization. Its components include a Control plane (the brain, which provides the configuration for the proxies) and a Data plane (made up of lightweight proxies such as sidecars, where all the action takes place).<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Why do you need a service mesh?<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Inside a Kubernetes cluster, you have multiple microservices, and one of the biggest challenges in developing cloud-native applications is increasing the pace of deployments. 
A service mesh offers shorter and more frequent deployments, which translate to reduced time-to-market and faster bug fixes.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Also, while Kubernetes can handle internal communication, that communication may not be as secure, because Kubernetes secures communication with an SSL certificate only for interacting with the cluster, and not within the cluster. A service mesh with mutual TLS (mTLS) ensures that the parties at each end of a network connection are verified (usually by making use of a private key), and that internal pod communication is secure, fast, and reliable.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another advantage of a service mesh is that since it is a dedicated layer of proxies through which service-to-service communication passes, it is uniquely positioned to monitor services.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some service meshes also support tracing, which helps developers to troubleshoot problems like sequencing and request-specific issues.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">More services mean more network traffic, but a service mesh provides the ability (and infrastructure) to secure network calls through authentication and encryption of traffic between services. Typically with K8s, you have security only at the API server when accessing the cluster (north-south security). 
The service mesh also secures each service within the cluster (east-west security) with identity-based authentication.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">How does a service mesh work?<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">A service mesh architecture uses a \u201cmesh of proxies\u201d (called sidecars), which attach to each application container or container orchestration unit, such as a Kubernetes pod.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Control Plane, which is the brain of the service mesh, works as a configuration server and controls the proxies\u2019 behavior across the mesh. The control plane is where users specify authentication policies or gather metrics. It essentially provides dynamic support and management of apps in partnership with the Kubernetes API server.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Data Plane is the mesh of intelligent proxies or envoys that contain the actual services and data. When a namespace is labeled with the service mesh, a sidecar container is created and deployed along with the application, which will act as a frontend to mediate and control all network communication between microservices.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In short, the control plane controls how data is forwarded, while the data plane is the forwarding process.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">With microservice deployment and management being critical in today\u2019s cloud-native environment, DevOps teams need processes in place to automate deployment strategies that minimize risk and maximize uptime. <a href=\"http:\/\/cloudnowtech.com\">CloudNow<\/a> offers cloud migration and management services. 
<a href=\"http:\/\/cloudnowtech.com\/contact-us.html\">Give us a call today<\/a> to explore more.<\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>With their ability to simplify application processes and speed up development cycles, scale up efficiently, and provide enterprises with customizable software, organizations are increasingly migrating to microservices (Netflix and BBC being two cases in point, who moved from a monolithic to a microservices architecture). In fact, the Cloud Microservices Market was valued at USD 831.45 [&hellip;]<\/p>\n","protected":false},"author":19,"featured_media":3477,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[277,51],"tags":[72,118,195,342],"class_list":["post-3476","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-application-development-modernization","category-microservices","tag-api","tag-containerization","tag-kubernetes","tag-service-mesh"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Service Mesh: The best way to Encrypt East-West traffic in Kubernetes - Discover Better Value Faster<\/title>\n<meta name=\"description\" content=\"The architecture of microservices is complex, especially in inter-service communication and security. Communication among microservices includes North-South and East-West traffic. A Service Mesh helps direct this traffic to their endpoints. 
Read our blog for more on the subject.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Service Mesh: The best way to Encrypt East-West traffic in Kubernetes - Discover Better Value Faster\" \/>\n<meta property=\"og:description\" content=\"The architecture of microservices is complex, especially in inter-service communication and security. Communication among microservices includes North-South and East-West traffic. A Service Mesh helps direct this traffic to their endpoints. Read our blog for more on the subject.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/\" \/>\n<meta property=\"og:site_name\" content=\"Discover Better Value Faster\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-13T05:30:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i1.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/07\/Blog-110.png?fit=1140%2C760&#038;ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"1140\" \/>\n\t<meta property=\"og:image:height\" content=\"760\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Abdul Rahman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/#website\",\"url\":\"https:\/\/www.cloudnowtech.com\/blog\/\",\"name\":\"Discover Better Value Faster\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cloudnowtech.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/i1.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/07\/Blog-110.png?fit=1140%2C760&ssl=1\",\"contentUrl\":\"https:\/\/i1.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/07\/Blog-110.png?fit=1140%2C760&ssl=1\",\"width\":1140,\"height\":760,\"caption\":\"Service Mesh: The best way to Encrypt East-West traffic in Kubernetes\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/#webpage\",\"url\":\"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/\",\"name\":\"Service Mesh: The best way to Encrypt East-West traffic in Kubernetes - Discover Better Value 
Faster\",\"isPartOf\":{\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/#primaryimage\"},\"datePublished\":\"2022-07-13T05:30:12+00:00\",\"dateModified\":\"2022-07-13T05:30:12+00:00\",\"author\":{\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/#\/schema\/person\/cd2d1825b093d846a80bdbb74ff7051e\"},\"description\":\"The architecture of microservices is complex, especially in inter-service communication and security. Communication among microservices includes North-South and East-West traffic. A Service Mesh helps direct this traffic to their endpoints. Read our blog for more on the subject.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cloudnowtech.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Mesh: The best way to Encrypt East-West traffic in Kubernetes\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/#\/schema\/person\/cd2d1825b093d846a80bdbb74ff7051e\",\"name\":\"Abdul 
Rahman\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/06\/AbdulRahman-I-96x96.jpg\",\"contentUrl\":\"https:\/\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/06\/AbdulRahman-I-96x96.jpg\",\"caption\":\"Abdul Rahman\"},\"description\":\"Abdul is a Certified AWS Solution Architect Associate at CloudNow with 5 years of experience in the cloud and DevOps domain. He is experienced in multi-cloud development across Amazon Web Services, Microsoft Azure, and Google Cloud.\",\"sameAs\":[\"https:\/\/www.cloudnowtech.com\/\"],\"url\":\"https:\/\/www.cloudnowtech.com\/blog\/author\/abdul-rahman\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Service Mesh: The best way to Encrypt East-West traffic in Kubernetes - Discover Better Value Faster","description":"The architecture of microservices is complex, especially in inter-service communication and security. Communication among microservices includes North-South and East-West traffic. A Service Mesh helps direct this traffic to their endpoints. Read our blog for more on the subject.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/","og_locale":"en_US","og_type":"article","og_title":"Service Mesh: The best way to Encrypt East-West traffic in Kubernetes - Discover Better Value Faster","og_description":"The architecture of microservices is complex, especially in inter-service communication and security. Communication among microservices includes North-South and East-West traffic. A Service Mesh helps direct this traffic to their endpoints. 
Read our blog for more on the subject.","og_url":"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/","og_site_name":"Discover Better Value Faster","article_published_time":"2022-07-13T05:30:12+00:00","og_image":[{"width":1140,"height":760,"url":"https:\/\/i1.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/07\/Blog-110.png?fit=1140%2C760&ssl=1","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Abdul Rahman","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.cloudnowtech.com\/blog\/#website","url":"https:\/\/www.cloudnowtech.com\/blog\/","name":"Discover Better Value Faster","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cloudnowtech.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/#primaryimage","inLanguage":"en-US","url":"https:\/\/i1.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/07\/Blog-110.png?fit=1140%2C760&ssl=1","contentUrl":"https:\/\/i1.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/07\/Blog-110.png?fit=1140%2C760&ssl=1","width":1140,"height":760,"caption":"Service Mesh: The best way to Encrypt East-West traffic in Kubernetes"},{"@type":"WebPage","@id":"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/#webpage","url":"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/","name":"Service Mesh: The best way to Encrypt East-West traffic in Kubernetes - Discover Better Value 
Faster","isPartOf":{"@id":"https:\/\/www.cloudnowtech.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/#primaryimage"},"datePublished":"2022-07-13T05:30:12+00:00","dateModified":"2022-07-13T05:30:12+00:00","author":{"@id":"https:\/\/www.cloudnowtech.com\/blog\/#\/schema\/person\/cd2d1825b093d846a80bdbb74ff7051e"},"description":"The architecture of microservices is complex, especially in inter-service communication and security. Communication among microservices includes North-South and East-West traffic. A Service Mesh helps direct this traffic to their endpoints. Read our blog for more on the subject.","breadcrumb":{"@id":"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cloudnowtech.com\/blog\/service-mesh-the-best-way-to-encrypt-east-west-traffic-in-kubernetes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cloudnowtech.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Service Mesh: The best way to Encrypt East-West traffic in Kubernetes"}]},{"@type":"Person","@id":"https:\/\/www.cloudnowtech.com\/blog\/#\/schema\/person\/cd2d1825b093d846a80bdbb74ff7051e","name":"Abdul Rahman","image":{"@type":"ImageObject","@id":"https:\/\/www.cloudnowtech.com\/blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/06\/AbdulRahman-I-96x96.jpg","contentUrl":"https:\/\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/06\/AbdulRahman-I-96x96.jpg","caption":"Abdul Rahman"},"description":"Abdul is a Certified AWS Solution Architect Associate at CloudNow 
with 5 years of experience in the cloud and DevOps domain. He is experienced in multi-cloud development across Amazon Web Services, Microsoft Azure, and Google Cloud.","sameAs":["https:\/\/www.cloudnowtech.com\/"],"url":"https:\/\/www.cloudnowtech.com\/blog\/author\/abdul-rahman\/"}]}},"jetpack_featured_media_url":"https:\/\/i1.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/07\/Blog-110.png?fit=1140%2C760&ssl=1","_links":{"self":[{"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/posts\/3476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/comments?post=3476"}],"version-history":[{"count":1,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/posts\/3476\/revisions"}],"predecessor-version":[{"id":3478,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/posts\/3476\/revisions\/3478"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/media\/3477"}],"wp:attachment":[{"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/media?parent=3476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/categories?post=3476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/tags?post=3476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}