-
Notifications
You must be signed in to change notification settings - Fork 0
Project 3 Part 1 Proposal
Demonstrating use of various capabilities of using service mesh(Istio) into our project 2.
Problem 1: Currently the authentication & authorization of end-user access to our service is done using boilerplate code i.e handled inside a micro-service. But there are chances of having security issues like man-in-the-middle attacks and many more and bugs could be easily incorporated in.
Problem 2: If we want to add a new role or permission(authorization) in the code-base, in order to reflect it to the production, we have to update all the services and deploy them once again.
Problem 3: Currently, only one version of the application is deployed in the production, suppose, we want to test the application on two different versions and record the user-interaction or response(metrics) at the same time, that part is not yet implemented.
Problem 4: If we want to add a new feature or update an existing feature in the production, the application needed some boot time in order to update all the services and it somewhere affected the end-users using it.
• For problem 1 and problem 2 we can use identity and access management server integrated with Istio tool, thereby forwarding all the authentication requests to the server granting different level of access to the end-users. Hence making the application scalable.
• Problem 3 can be addressed using consistent hash load balancing using destination rules.
• Problem 4 can be solved using Canary deployments feature provided by Istio.
• Using external identity and access management server using Authorization provided by Istio.
• Use Istio’s feature like Kiali, Grafana graphs & prometheus (metric collection and visualization) and Jaegar (Request Tracing & UI).
• Using destination rules and canary deployment feature of Istio.