Learn how to set up secure service communication inside and outside Kubernetes clusters using HashiCorp Consul and Envoy proxy.
Many organizations are discovering the networking complexity involved in running a microservice system. Over the last few years, many influential companies have investigated this problem, the technology that has emerged is now being referred to as a "service mesh." A service mesh allows you to replace traditional host-based network security with service-based security to accommodate the highly dynamic nature of modern runtime environments.
In this talk, HashiCorp technology specialists Christoph Puhl and Tim Arenz will show how an open source Consul-based service mesh and Envoy proxy can be used to solve both network segmentation and seamless transport security with mutual TLS within your Kubernetes cluster. In addition to this, you will see how Consul can provide encrypted and authorized access to services and data stores which are running outside the cluster and potentially in a separate and isolated network.
0:00 — The road to service mesh
13:30 — Introduction to service mesh in Consul
31:00 — Securing intra-Kubernetes comms with a Consul service mesh and Envoy, and integrating external apps outside Kubernetes.
47:51 — Q&A