Project 3 Part I
Implement a sturdy service mesh that is immune to malicious attacks, performant under varying traffic conditions, easily deployable and quick to test.
These are the current limitations and vulnerabilities in the project:
All the users are currently directed to the same version of the microservices and the traffic is managed internally. An intelligent system to control the flow of traffic and the API calls between services needs to be set up.
Testing the robustness of the app in heavy traffic is difficult in vanilla Kubernetes. We need better ways to test it out.
In the vanilla Kubernetes Cluster, when we are passing the user name and password from front end to API gateway it is not encrypted. This is also applicable to user requests within the cluster. Currently, to mitigate it, we have integrated a TLS certificate to each service in the cluster. A more robust system is required for scalability.
A granular view of the running app is missing. We want to have graphical monitoring and logging for all the services.
The default load balancing in our app is done by Round Robin and though it works fine, it is not the perfect technique for this specific application.
We are planning to use one among the prominent service mesh technologies used (Istio, Envoy, Linkerd).
-
Run all the microservices with service mesh
sidecarenabled -
Deploy a testing pod, to use for sending requests to the microservices
-
Set up different versions of microservices and create replicas
-
Configure service mesh
ingress gateway -
Create a virtual service and routing rules for traffic management
-
Set up a load balancer. Splitting traffic among different versions of microservices so that we could move from an older to an updated version of service with minimal downtime.
-
Use a gateway to manage inbound and outbound traffic for the mesh
-
Use Grafana Monitoring to monitor the traffic flow in the cluster.
-
Using Rigorous testing to get the bottleneck efficiency of the system.