By default all services in a Kubernetes environment can talk to one another. This might be acceptable if your apps don’t deal with sensitive information, but if the APIs published by your services expose personal information like passwords and credit card numbers, access by bad actors can quickly lead to embarrassing and expensive data breaches. To protect sensitive information, you can use NGINX Service Mesh to set up a zero‑trust environment with fine‑grained control over which services are authorized to communicate.
NGINX Service Mesh takes advantage of resources that the Service Mesh Interface (SMI) spec defines for implementing authorization, which it calls traffic access control. Building on these resources, it takes just a few minutes to define a traffic‑access policy in NGINX Service Mesh. In this demo, we walk through two sample policies with fine‑grained network and app‑level controls that prevent unauthorized actors from accessing specific app components.
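As an added illustration (not taken from the demo or from NGINX's own material), a traffic-access policy built from the SMI `TrafficTarget` and `HTTPRouteGroup` resources can look like the following. The namespace, ServiceAccount names, route names and paths are hypothetical, and the API versions shown are assumptions that should be checked against what your mesh release supports.

```yaml
# Hypothetical example: only the "checkout" workload may call "payments-api",
# and only on the two routes listed. All names and paths are made up.

# App-level control: the HTTP routes that may be granted.
apiVersion: specs.smi-spec.io/v1alpha3
kind: HTTPRouteGroup
metadata:
  name: payments-routes
  namespace: shop
spec:
  matches:
  - name: create-charge
    pathRegex: "/v1/charges"
    methods:
    - POST
  - name: read-charge
    pathRegex: "/v1/charges/[0-9a-f-]+"
    methods:
    - GET
---
# Network-level control: which identity may reach which destination.
# Identities are Kubernetes ServiceAccounts, so each workload needs its own.
apiVersion: access.smi-spec.io/v1alpha2
kind: TrafficTarget
metadata:
  name: checkout-to-payments
  namespace: shop
spec:
  destination:
    kind: ServiceAccount
    name: payments-api
    namespace: shop
  sources:
  - kind: ServiceAccount
    name: checkout
    namespace: shop
  rules:
  - kind: HTTPRouteGroup
    name: payments-routes
    matches:
    - create-charge
    - read-charge
```

SMI access policies are allow-only: a `TrafficTarget` grants access to the sources it lists, and there is no deny rule, so review which ServiceAccounts appear under `sources` as carefully as you would a firewall allowlist.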
To help you easily implement traffic‑access policies of your own, we also provide a step-by-step tutorial.
For a discussion of other traffic‑management patterns, read How to Improve Resilience in Kubernetes with Advanced Traffic Management on our blog.