Today every application has microservices architecture where individual services are spread across public clouds and multiple Kubernetes clusters. Since all the communication of messages among services happens over the internet, it is very important to ensure the security of your data. You don\u2019t want any malicious guy to read and record the data-in-transit (known as packet sniffing), or intervene in between the communication as someone you trust (IP spoofing), or perform a DoS attack such as bandwidth flooding or connection flooding, etc.<\/p>\n\n\n\n
The idea is security should always be developed in a layered approach to build defense in depth. When software engineers are developing containerised applications they need to think about security at Code, Container, Cluster, Cloud levels (read 4 C\u2019s of container security<\/a>). <\/p>\n\n\n\n So in this article, we will explain how you can avoid all the security vulnerabilities by securing the communication of microservices in multi-cloud and multicluster using open-source Istio service mesh<\/a>. We have considered two different Kubernetes clusters- GKE and AKS- where we will implement two applications and ensure they talk to each other using secure channels. If you want to know more, read about mTLS and certificate rotation with Istio<\/a>.<\/p>\n\n\n\n If you are comfortable to watch and refer the video to implement the security of multicluster apps using Istio, then watch the following video:<\/p>\n\n\n\nPrerequisite<\/h2>\n\n\n\n
\n
Watch the video for implementing Istio in multicluster Kubernetes <\/h2>\n\n\n\n