Tagged articles

17 articles

Page 1 of 1

May 17, 2026 · Cloud Native

Istio Service Mesh Basics: What Is the Sidecar Pattern and Why Microservices Need It?

The article explains how traditional microservice architectures embed network concerns such as time‑outs, retries, circuit breaking, traffic monitoring and mTLS in application code, why this leads to code coupling, upgrade difficulty and duplicated effort, and how Istio’s sidecar‑based service mesh cleanly separates those concerns while providing traffic management, observability and security features.

EnvoyIstioKubernetes

0 likes · 30 min read

Istio Service Mesh Basics: What Is the Sidecar Pattern and Why Microservices Need It?

Ray's Galactic Tech

Jan 14, 2026 · Information Security

From Simple HTTPS to Enterprise‑Grade mTLS: Build a Secure Nginx Infrastructure

This guide explains why HTTPS only encrypts traffic while mTLS authenticates both parties, and provides a step‑by‑step solution—including environment setup, CA design, certificate generation, Nginx mutual‑TLS configuration, role‑based access, Kubernetes deployment, logging, and best‑practice recommendations—to create a production‑ready, enterprise‑level security infrastructure.

Certificate AuthorityDevOpsMutual TLS

0 likes · 8 min read

From Simple HTTPS to Enterprise‑Grade mTLS: Build a Secure Nginx Infrastructure

MaGe Linux Operations

Jan 5, 2026 · Cloud Native

What Really Happens When You Deploy Istio? 6 Hard‑Learned Lessons from a Year‑Long Production Run

After a year of running Istio in production on a 80‑service, 200‑node Kubernetes fleet, we share six painful pitfalls—including unexpected latency, debugging complexity, upgrade nightmares, configuration explosion, compatibility issues, and mTLS challenges—plus practical mitigation steps and guidance on when Istio truly adds value.

ConfigurationDebuggingIstio

0 likes · 22 min read

What Really Happens When You Deploy Istio? 6 Hard‑Learned Lessons from a Year‑Long Production Run

Linux Ops Smart Journey

Sep 22, 2025 · Cloud Native

Mastering Envoy TLS & mTLS: Step-by-Step Configuration for Secure Service Mesh

This guide explains why TLS and mTLS are essential for modern microservice communication, then walks through configuring Envoy for both simple TLS termination and full mutual TLS, covering listeners, clusters, certificate management, and provides runnable examples with verification commands.

Cloud NativeEnvoyMicroservices

0 likes · 9 min read

Mastering Envoy TLS & mTLS: Step-by-Step Configuration for Secure Service Mesh

Linux Ops Smart Journey

Sep 26, 2024 · Cloud Native

Secure Your Kubernetes Ingress-Nginx with mTLS and HTTPS: Step‑by‑Step Guide

Learn how to configure Ingress‑Nginx in a running Kubernetes cluster for secure mTLS and HTTPS communication, covering prerequisites, certificate creation, deployment of HTTP and mTLS services, Ingress rules, SSL passthrough setup, and verification steps with practical kubectl and OpenSSL commands.

Cloud NativeHTTPSIngress-Nginx

0 likes · 12 min read

Secure Your Kubernetes Ingress-Nginx with mTLS and HTTPS: Step‑by‑Step Guide

MaGe Linux Operations

Jul 21, 2024 · Cloud Native

Mastering Istio Security: A Deep Dive into Authentication, Authorization, and mTLS

Discover how Istio secures microservices with comprehensive authentication, authorization, and mutual TLS features, covering concepts, architecture, identity management, policy configuration, permissive mode, and practical YAML examples to protect services, data, and communication across any deployment environment.

AuthorizationIstioService Mesh

0 likes · 27 min read

Mastering Istio Security: A Deep Dive into Authentication, Authorization, and mTLS

MaGe Linux Operations

Jul 12, 2024 · Operations

Master istioctl: Essential Commands for Debugging and Diagnosing Service Mesh Issues

This guide walks you through using istioctl to inspect mesh status, retrieve proxy configurations, debug Envoy listeners, routes, clusters, and endpoints, validate mutual TLS policies, analyze configuration errors, and leverage component introspection tools for effective Istio service‑mesh operations.

DebuggingIstioistioctl

0 likes · 24 min read

Master istioctl: Essential Commands for Debugging and Diagnosing Service Mesh Issues

Cloud Native Technology Community

Jul 20, 2023 · Information Security

Implementing Zero‑Trust Security in Kubernetes with Service Meshes (Linkerd)

This article explains how to achieve zero‑trust security in Kubernetes by using a service mesh such as Linkerd, covering workload identity, mTLS, certificate management, policy definition with CRDs, and the practical limitations of mesh‑based protection.

KubernetesLinkerdZero Trust

0 likes · 11 min read

Implementing Zero‑Trust Security in Kubernetes with Service Meshes (Linkerd)

MaGe Linux Operations

Oct 14, 2022 · Information Security

How Dapr Secures Service Calls and Pub/Sub with mTLS and Access Policies

This article explains Dapr's security foundation, covering end‑to‑end mTLS for service invocation, configurable access control policies for services and Pub/Sub components, trust domains, SPIFFE identities, and practical examples of policy configurations and deployment steps for both local and Kubernetes environments.

DaprSecurityService Invocation

0 likes · 17 min read

How Dapr Secures Service Calls and Pub/Sub with mTLS and Access Policies

Top Architect

May 30, 2022 · Information Security

Implementing Transparent Encrypted Communication with mTLS Using Nginx and OpenSSL

This article explains how to secure cross‑data‑center traffic by applying TLS principles, setting up a private Certificate Authority, generating self‑signed certificates with OpenSSL, configuring mutual TLS (mTLS) on Nginx proxies for both HTTP and TCP streams, and verifying the setup with curl and redis‑cli commands.

Certificate AuthorityNginxOpenSSL

0 likes · 24 min read

Implementing Transparent Encrypted Communication with mTLS Using Nginx and OpenSSL

Architect

May 13, 2022 · Information Security

Implementing Transparent Encrypted Communication with mTLS Using Nginx and Self‑Signed Certificates

This article explains how to secure cross‑data‑center traffic by encrypting it with TLS/mTLS, covering the principles of TLS, certificate authority roles, generating self‑signed certificates with OpenSSL, and configuring Nginx proxies for both HTTP and TCP streams to provide transparent encrypted channels without modifying applications.

Certificate AuthorityNginxOpenSSL

0 likes · 26 min read

Implementing Transparent Encrypted Communication with mTLS Using Nginx and Self‑Signed Certificates

Programmer DD

Mar 17, 2022 · Information Security

How to Build Transparent Encrypted Channels Between Data Centers with mTLS and Nginx

This guide explains how to securely connect two data‑center deployments over the public Internet by using TLS/mTLS, Certificate Authorities, and Nginx proxy configurations, providing step‑by‑step certificate generation, server and client setup, and both HTTP and TCP stream examples.

Certificate AuthorityTLSencryption

0 likes · 24 min read

How to Build Transparent Encrypted Channels Between Data Centers with mTLS and Nginx

Architect

Jan 17, 2022 · Cloud Native

Introducing NGINX Service Mesh: Features, Architecture, and Getting Started

This article introduces NGINX Service Mesh (NSM), a lightweight, highly integrated service‑mesh solution for Kubernetes that leverages NGINX Plus as a data plane, explains its security, traffic‑management, visualization, and hybrid‑deployment capabilities, outlines its architecture and components, and provides step‑by‑step commands for installation, verification, and sidecar injection.

KubernetesNGINX Service MeshService Mesh

0 likes · 10 min read

Introducing NGINX Service Mesh: Features, Architecture, and Getting Started

High Availability Architecture

Jun 30, 2021 · Databases

Resolving gRPC‑gateway Limits and mTLS Certificate Issues in etcd 3.x for Apache APISIX

This article explains how etcd 3.x switched its external API to gRPC, the challenges of using its gRPC‑gateway for HTTP requests in Apache APISIX, the default message size limit causing sync failures, and the certificate configuration pitfalls that were fixed through a PR merged in v3.5.0.

Apache APISIXBackendHTTP API

0 likes · 8 min read

Resolving gRPC‑gateway Limits and mTLS Certificate Issues in etcd 3.x for Apache APISIX

Top Architect

May 31, 2021 · Cloud Native

Why I Switched from Istio to Linkerd: A Practical Service Mesh Evaluation

After two years of using Istio in production, the author explains the operational complexities, reliability issues, and protocol limitations that led to abandoning Istio in favor of Linkerd, highlighting the pros and cons of both service meshes within Kubernetes environments.

IstioKubernetesLinkerd

0 likes · 10 min read

Why I Switched from Istio to Linkerd: A Practical Service Mesh Evaluation

Cloud Native Technology Community

Dec 25, 2020 · Cloud Native

How Istio Secures Service Mesh: Zero‑Trust, mTLS, and AAA Explained

This article examines Service Mesh security by outlining core requirements, detailing Istio’s built‑in zero‑trust mechanisms—including mutual TLS, AAA, and automatic certificate rotation—and comparing the security features of Linkerd and Alauda Service Mesh, offering practical insights for designing robust microservice protection.

Cloud NativeIstioLinkerd

0 likes · 11 min read

How Istio Secures Service Mesh: Zero‑Trust, mTLS, and AAA Explained

Cloud Native Technology Community

Jun 3, 2020 · Cloud Native

10 Common Istio Pitfalls and How to Resolve Them

This article outlines ten frequent Istio exceptions—from service port naming constraints and flow‑control ordering to mTLS‑induced connection drops—explaining their root causes, diagnostic steps, and practical best‑practice solutions for reliable mesh deployments.

IstioKubernetesObservability

0 likes · 17 min read

10 Common Istio Pitfalls and How to Resolve Them