Implementing Service Mesh on stand-alone architectures (non-Microservices)

Terry Beavis | Wednesday, August 5th, 2020

Problem

The government programme started with no security requirements for encrypting information in transit (TLS). After a review, a new requirement was introduced to encrypt all in-flight communications using TLS.

Requirement

  • Use HashiCorp Vault as the central CA
  • Implement encryption in transit for all in-flight communications

Solution

The solution was designed and implemented using the service mesh pattern on standalone infrastructure, using HashiCorp Consul, Vault, Consul Template, HAProxy and NGINX.

Some successful POCs were performed to check the viability of the solution.

The main benefit of this design was that applications only had to change their endpoint configurations to speak with the sidecar proxy (no extra development required). The changes happened within DevOps at the infrastructure level.
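
One way such a sidecar could be wired together, as an added example that is not the programme's actual configuration: Consul Template requests a certificate from Vault and renders an HAProxy config that terminates mutual TLS, so the application only repoints its endpoints to loopback. The PKI mount, role, service names, hostnames, ports and paths are assumptions, and NGINX, which the solution also used, is not shown.

```hcl
# Added example: consul-template config for one host's sidecar proxy.
# Assumed: Vault PKI mount "pki", role "mesh", services "orders" (local) and
# "billing" (remote), plus every hostname, port and file path below.
vault {
  address = "https://vault.example.internal:8200"
}
# CA certificate the proxy uses to verify its peers.
template {
  contents    = "{{ with secret \"pki/cert/ca\" }}{{ .Data.certificate }}{{ end }}"
  destination = "/etc/haproxy/certs/ca.pem"
}
# Short-lived leaf certificate, issuing CA and private key in the single PEM
# file HAProxy loads; the proxy is reloaded whenever a new one is issued.
template {
  contents = <<EOF
{{ with secret "pki/issue/mesh" "common_name=orders.service.consul" "ttl=24h" -}}
{{ .Data.certificate }}
{{ .Data.issuing_ca }}
{{ .Data.private_key }}
{{- end }}
EOF
  destination = "/etc/haproxy/certs/orders.pem"
  perms       = 0600
  command     = "systemctl reload haproxy"
}

# HAProxy config, re-rendered when the Consul catalogue for "billing" changes.
template {
  contents = <<EOF
defaults
    mode tcp
    timeout connect 5s
    timeout client 1m
    timeout server 1m
# Inbound: peers must present a certificate from the Vault CA; plain TCP to the app stays on loopback.
frontend mesh_in
    bind :8443 ssl crt /etc/haproxy/certs/orders.pem ca-file /etc/haproxy/certs/ca.pem verify required
    default_backend local_app
backend local_app
    server app 127.0.0.1:8080
# Outbound: the application's "billing" endpoint is repointed to 127.0.0.1:9001.
listen billing_out
    bind 127.0.0.1:9001
{{- range service "billing" }}
    server {{ .Node }} {{ .Address }}:{{ .Port }} ssl crt /etc/haproxy/certs/orders.pem ca-file /etc/haproxy/certs/ca.pem verify required verifyhost billing.service.consul
{{- end }}
EOF
  destination = "/etc/haproxy/haproxy.cfg"
  command     = "systemctl reload haproxy"
}
```

The example assumes each service is registered in Consul with its sidecar's TLS port, and that the Vault token available to Consul Template is limited to issuing from this one PKI role.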

Challenge

Implement the service mesh pattern for microservices architectures using containers.

Result

POCs were performed and the solution design was delivered.
