In this video, I discuss and demonstrate how you can mitigate the risk of network interception attacks by encrypting the traffic that enters the Istio service mesh with TLS. This video is a follow-up to a previous video titled Using Istio Gateway to Route Traffic to Microservices on Amazon EKS (link provided below).
As much as a single point of entry provides a superior measure of security to multiple entries into your Kubernetes cluster, there are still other security risks to be aware of and address, such as network traffic interception. I'll walk you through a modification of the previous solution that entails swapping out the Classic Load Balancer controlled by the Istio ingress gateway for an Application Load Balancer controlled by the AWS Load Balancer Controller. This ALB has an ACM public TLS/SSL certificate attached to it to encrypt traffic between clients and the load balancer. In addition, the Istio ingress gateway service is changed from type LoadBalancer to NodePort and has a self-signed certificate attached to it to secure traffic between the ALB and the ingress gateway. This ensures that traffic entering the mesh from outside of the cluster is encrypted on both hops.
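The two resources the architecture above relies on, written out as an added example (these manifests are mine, not the video's or the AWS blog's; the hostname, resource names, the `ingressgateway-selfsigned-cert` secret name and the ACM certificate ARN are assumptions or placeholders you replace with your own):

```yaml
# Added example (not from the video). Assumes the AWS Load Balancer Controller
# and Istio are installed, the ingress gateway Service in istio-system has been
# switched to NodePort, e.g.
#   kubectl -n istio-system patch svc istio-ingressgateway -p '{"spec":{"type":"NodePort"}}'
# and a self-signed cert for the second hop has been stored as a TLS secret, e.g.
#   openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
#     -subj "/CN=app.example.com" -keyout tls.key -out tls.crt
#   kubectl -n istio-system create secret tls ingressgateway-selfsigned-cert \
#     --cert=tls.crt --key=tls.key
# "app.example.com" and the ARN below are placeholders.
---
# Hop 1: client -> ALB. The ALB terminates TLS with the ACM public certificate.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: istio-ingressgateway-alb
  namespace: istio-system
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    # Only expose HTTPS on the ALB; no plaintext listener.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERT_ID
    # Hop 2: ALB -> ingress gateway is re-encrypted with the gateway's self-signed cert.
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    # Health-check the gateway's plaintext status port rather than the TLS listener.
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-port: "15021"
    alb.ingress.kubernetes.io/healthcheck-path: /healthz/ready
spec:
  ingressClassName: alb
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: istio-ingressgateway
            port:
              number: 443
---
# Hop 2 (gateway side): the Istio Gateway serves HTTPS on 443 using the
# self-signed certificate held in the TLS secret referenced by credentialName.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: app-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: ingressgateway-selfsigned-cert
    hosts:
    - "app.example.com"
```

After applying both, verify each hop separately: `curl -v https://app.example.com/` should show the ACM-issued chain at the ALB, and from inside the cluster `openssl s_client -connect <gateway-pod-ip>:443 -servername app.example.com` should return the self-signed certificate. Note that the ALB encrypts the second hop but does not validate the target's certificate, so that hop is confidential but not authenticated; the controls on the ALB's security group and the cluster network still matter.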
#kubernetes #istio #servicemesh
Previous Video: https://youtu.be/_ImVPrUZ6yY
AWS Load Balancer Controller: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/
Managing Sensitive Data in Kubernetes with Sealed Secrets and External Secrets Operator (ESO): https://youtu.be/FD8zzHPbhoY
Timestamps:
00:00 - Introduction
00:52 - Securing the Istio ingress gateway
01:04 - Network traffic interceptions
02:00 - Basic overview of TLS/SSL encryption and interaction between client and server
03:30 - Walk-through/overview of new solution architecture with AWS ACM certificate, ALB created by AWS Load Balancer controller, and updated Istio ingress gateway
06:43 - Walk-through of ALB ingress and Istio gateway resources
11:28 - Demo
Other resources:
https://aws.amazon.com/blogs/containers/secure-end-to-end-traffic-on-amazon-eks-using-tls-certificate-in-acm-alb-and-istio/
Connect:
GitHub: https://github.com/LukeMwila
Twitter: https://twitter.com/LuKE9ine
Medium: https://medium.com/@outlier.developer
LinkedIn: https://www.linkedin.com/in/lukonde-mwila-25103345/
If you found this video helpful, please like the video and subscribe to the channel!