Securing Bare Metal with Service Mesh
Jan 23, 2020
A step-by-step guide on how to use HashiCorp Consul to create a service mesh and secure data in motion between physical hosts and services.
A service mesh is a great way to secure data in motion between physical hosts and services. This guide explains how to deploy the physical infrastructure for a service mesh using HashiCorp Consul on top of a bare metal cloud provided by Packet.
The sample microservice is inherently insecure: it transmits in the clear across the network and is susceptible to a man-in-the-middle attack. The new service mesh secures this service by introducing encryption to prevent such an attack. The encryption, in this case, is provided by HashiCorp Vault.
The guide also covers topics relating to service mesh implementation, including:
- How to deploy a physical infrastructure
- Bootstrapping and clustering
- How to enable a sidecar
- Securing a service via TLS
- Managing service resilience, redundancy, and failover
The guide also uses a HashiCorp Terraform plugin to create the infrastructure.