7

I am planning to introduce K8s/Istio into my infra. Right now I have plenty of services which communicate with each other using RabbitMQ.

Service mesh concept seems to assume all services should be synchronous.

I'd like to keep at least some of my services async and take advantage of Mutual TLS Authentication which Istio provides and also aggregated monitoring.

Are there any tools/methods which can help me to streamline management of both Sync and Async services?

Thanks,

arkadiy kraportov
  • What are you reading that says that services should be synchronous? I would have thought that once a service has a connection, the routing mechanisms of the service mesh shouldn't care how the applications at each end are implemented. – Graham Dumpleton Apr 17 '18 at 03:47
  • From the list of protocols. AMQP is not there... I guess my question should mention PubSub rather than Async – arkadiy kraportov Apr 17 '18 at 07:36
  • So you need Mutual TLS Authentication between services and rabbitmq brokers? – ccshih Apr 19 '18 at 09:29
  • @ccshih, sorry my bad, I should be more clear. Basically I need 1) Make sure connection between service and broker is secure; 2) Consumer knows which service published the message and whether the publisher is valid/authorized. I guess utilizing JWT somehow. – arkadiy kraportov Apr 21 '18 at 00:14

2 Answers

4

Please note that Istio can control non-HTTP protocols on top of TCP, including providing Mutual TLS Authentication. See this example of mTLS for HTTPS (treated as opaque TCP) - https://preliminary.istio.io/docs/tasks/security/https-overlay.html.

I am not familiar with AMQP, but since it is a protocol on top of TCP, it should be possible to control it by Istio as opaque TCP.

Vadim Eisenberg
2

Apparently there is WIP to add Async (Event driven) messaging to Envoy Proxy through Kafka filter: https://github.com/envoyproxy/envoy/issues/2852

Also good summary on using a Service Mesh for Event-Driven Messaging here: https://www.infoq.com/articles/service-mesh-event-driven-messaging

arkadiy kraportov