Anthos Service Mesh is a managed service mesh for Google Kubernetes Engine (GKE) clusters. Anthos Service Mesh allows GKE clusters to use a single logical service mesh, so that pods can communicate across clusters securely and services can share a single Virtual Private Cloud (VPC). By Waheed Brown and Jianhe Liao.
For those who want to get started immediately, there is a Git repo with complete source code and README instructions. There are also bonus sections at the end, for mesh traffic security scanning and external databases respectively.
This guide then walks you through set up process:
- Supported version
- Shared VPCs
- SSL/TLS termination
- Security
- Container workload security
- Container runtime (Containerd)
- Security scanning with Prisma Cloud (formerly Twistlock)
- External databases with Google Cloud SQL for PostgreSQL
- Towards federated clusters
The authors recommend using the cos_containerd runtime for GKE clusters using Anthos Service Mesh. The current Docker container runtime is being sunsetted from GKE. Adopting cos_containerd now will avoid having to migrate in the future. Excellent read!
[Read More]