HashiCorp Consul Service Mesh on Kubernetes Series - Part 1 - Introduction and Setup

Modern cloud-native architectures rely heavily on microservices, and Kubernetes has become the go-to platform for deploying, managing, and scaling these distributed applications. As the number of microservices grows, ensuring secure, reliable, and observable service-to-service communication becomes increasingly complex. This is where service mesh solutions, such as HashiCorp Consul, step in to provide a seamless approach to managing these challenges. In this blog post, we will delve into the integration of HashiCorp Consul Service Mesh with Kubernetes, exploring its architecture, features, and step-by-step deployment guide.

HashiCorp Consul Service Mesh on Kubernetes Series - Part 4 - Security

Security is a fundamental aspect of any service mesh, ensuring that all service-to-service communication is secure, controlled, and auditable. HashiCorp Consul provides robust security features, including mutual TLS (mTLS), access control, and rate limiting.

mTLS

In this section, we will demonstrate mTLS with Consul. Consul enables and strictly enforces mTLS by default. All traffic sent through the Consul Connect Service Mesh is encrypted.

This section is slightly different from the Istio mTLS section because:

Backstage Introduction, KubeCon & CloudNativeCon Europe 2022

Thanks to TeraSky’s education program, I recently attended KubeCon & CloudNativeCon Europe 2022 in Valencia, Spain.

The experience was incredible. While there were many interesting technical sessions on many exciting topics, I was most curious about Backstage - which has sparked my interest ever since I started exploring VMware Tanzu Application Platform (TAP).

I decided to attend a session entitled “Backstage: Restoring Order to Your Chaos”, given by Spotify software engineer Dave Zolotusky. Going into the session, I was stunned by the huge line of people trying to get into the room. That was something I had never seen before in any other session. Fortunately, I was lucky enough to secure one of the last seats.

Kubernetes Data Protection: Getting Started with Kasten (K10)

In a recent Kubernetes project I was involved in, our team had to conduct an in-depth proof of concept for several Kubernetes data protection solutions. The main highlights of the PoC covered data protection for stateful applications and databases, disaster recovery, and application mobility, including relocating applications across Kubernetes clusters and even different types of Kubernetes clusters (for example, from TKG on-premise to AWS EKS, etc.).

One of the solutions we evaluated was Kasten (K10), a data management platform for Kubernetes, which is now a part of Veeam. The implementation of Kasten was one of the smoothest we have ever experienced in terms of ease of use, stability, and general clarity around getting things done, as everything is very well documented, which certainly cannot be taken for granted these days. :)

Production-Grade Multi-Cluster TAP Installation Guide

• Introduction
• Prerequisites
• Prepare your Workstation
• Relocate TAP Images to your Private Registry
• Install TAP
  • View Cluster
    • Set up the Installation Namespace
    • Issue a TLS Certificate for TAP GUI
    • Set up a Database for TAP GUI
    • Set up the TAP GUI Catalog Git Repository
    • Set up RBAC for the Metadata Store
    • Set up an Authentication Provider for TAP GUI
    • Set up RBAC for the Build, Run and Iterate Clusters
    • Set an Ingress Domain, TAP GUI Hostname and CA Certificate
    • Deploy the TAP Package
  • Build Cluster
    • Set up the Installation Namespace
    • Set up Metadata Store Authentication and CA Certificate
    • Prepare a Sample Source Code Git Repository
    • Update the TAP Values File
    • Deploy the TAP Package
    • Deploy the TBS Full Dependencies Package
    • Set up the Developer Namespace and Deploy a Workload
  • Run Cluster
    • Set up the Installation Namespace
    • Update the TAP Values File
    • Deploy the TAP Package
    • Set up the Developer Namespace and Deploy a Workload
  • Iterate Cluster
    • Set up the Installation Namespace
    • Update the TAP Values File
    • Deploy the TAP Package
    • Deploy the TBS Full Dependencies Package
    • Set up the Developer Namespace and Deploy a Workload
    • Iterate on your Application
• Wrap Up

Introduction

Since my previous posts on TAP Overview and Backstage, I have been diving deeper into TAP, trying to establish the practices around it.