Overview
Explore how TransferWise implemented secure Kafka connections using SPIFFE in this 20-minute conference talk. Learn about the challenges of managing long-lived certificates for mutual TLS between Kafka brokers and clients at scale. Discover how the company leveraged SPIFFE with SPIRE and Envoy to achieve enhanced security for their 300 microservices without requiring code changes on the client side. Gain insights into reducing maintenance burden on platform teams while simplifying client migration. Understand the intricacies of Kafka security, client-broker connections, and the implementation of mTLS with SPIRE. Delve into TransferWise's use of Envoy and the process of integrating Kafka into their infrastructure.
Syllabus
Intro
What is Kafka?
How client-broker connection works?
Client-Broker TLS
Client-Broker mTLS with SPIRE
Envoy at TransferWise
Just add Kafka
Resources
Taught by
CNCF [Cloud Native Computing Foundation]