Overview
Explore gRPC proxyless service mesh with security in this conference talk by Sanjay M Pujare from Google. Dive into the recent advancements in gRPC that have eliminated the need for sidecar proxies in service mesh architectures. Learn about the integration of mTLS-based transport security, the orchestration of security through the xDS control plane, and the implementation of a new security plugin architecture in gRPC. Discover how these features are applied in the Google Kubernetes Environment (GKE) and gain insights into service discovery, load balancing, and observability in a proxyless service mesh. Understand the technical details of certificate management, service identity, and the gRPC RFC. Examine the deployment, testing, and future roadmap for this technology, and explore valuable resources for further learning.
Syllabus
Introduction
Agenda
Service Mesh
xDS
gRPC
Proxyless Service Mesh
Security in Service Mesh
Service Identity
Certificate Management
Transport Security
How does it all work
Representation of how it works
More technical details
gRPC RFC
Certificate Provider Plugin
Certificate Provider Framework
gRPC Library
Service Identities
Deployment and testing
Diagram
Roadmap
Resources
Questions
Taught by
CNCF [Cloud Native Computing Foundation]