lomereiter | 2 years ago

To set up an open-source service mesh, the infra team anyway has to configure a private certificate authority and cert-manager to create k8s secrets for the service mesh components. From there, it's straightforward to extend the common deployment template (hopefully there is one) to mount a volume with an auto-rotated certificate. All an application developer has to do is to use that certificate, which is much less effort than what you are implying.
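Added example, not part of the thread or any commenter's code: a sketch of what "use that certificate" involves on the application side, namely picking up the rotated files without a restart. It assumes the secret is mounted as a directory containing cert-manager's `tls.crt` and `tls.key`; the class name `RotatingTLSContext` and the injectable `loader` parameter are hypothetical.

```python
import hashlib
import ssl
import threading
from pathlib import Path


def _default_loader(cert: Path, key: Path) -> ssl.SSLContext:
    """Build a server-side context from the mounted certificate and key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(str(cert), str(key))
    return ctx


class RotatingTLSContext:
    """Hand out a TLS context that follows a rotated, volume-mounted secret."""

    def __init__(self, cert_dir, loader=_default_loader):
        # tls.crt / tls.key are the key names of a kubernetes.io/tls secret.
        self.cert = Path(cert_dir) / "tls.crt"
        self.key = Path(cert_dir) / "tls.key"
        self._loader = loader  # hypothetical hook so the logic is testable
        self._lock = threading.Lock()
        self._fingerprint = None
        self._ctx = None
        self.reloads = 0

    def _read_fingerprint(self) -> str:
        # Hash the contents rather than trusting mtime: the kubelet updates a
        # secret volume by swapping a symlink, not by rewriting files in place.
        digest = hashlib.sha256()
        for path in (self.cert, self.key):
            digest.update(path.read_bytes())
        return digest.hexdigest()

    def current(self):
        """Return the newest usable context; call once per accepted connection."""
        with self._lock:
            try:
                fingerprint = self._read_fingerprint()
                if fingerprint != self._fingerprint:
                    self._ctx = self._loader(self.cert, self.key)
                    self._fingerprint = fingerprint
                    self.reloads += 1
            except (OSError, ssl.SSLError):
                # Unreadable or mismatched pair (e.g. read mid-rotation): keep
                # serving the previous context and retry on the next call.
                if self._ctx is None:
                    raise
            return self._ctx
```

A server would call `current().wrap_socket(conn, server_side=True)` for each accepted connection, so existing connections keep their session and new ones get the rotated certificate.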

MrDarcy | 2 years ago

It’s not less effort. I’ve done it both ways in production for large teams. What you described is literally entirely automated by the mesh in a more secure and maintainable way than a bespoke hand-rolled solution.

lomereiter | 2 years ago

"Large teams" is the key; there have to be enough services and/or language diversity to justify the extra complexity.