
things like layer 7 control, you can say - "don't allow HTTP GET on /supersecret". Also, Istio is gRPC aware.



This brings about a major problem with centralized route management, though, in that you then must build all of your access controls around URLs rather than deeper business logic.

Istio offers much more, but as far as anything but coarse-grained "this service will never need to talk to this other service" access control, I'd still much rather write the logic in the code where it has access to a lot more domain knowledge.


If you want just simple layer 4 ACLs among the services, I recommend just using NetworkPolicies[1] of k8s.

Personally, I think that Istio is overly complex but then so is k8s :)

[1] https://kubernetes.io/docs/concepts/services-networking/netw...
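
Added example, not part of any comment in this thread: the two controls discussed above side by side, a layer 4 Kubernetes NetworkPolicy and a layer 7 Istio AuthorizationPolicy that denies HTTP GET on /supersecret. The namespace, resource names, labels and port are hypothetical.

```yaml
# Layer 4: Kubernetes NetworkPolicy.
# Only pods labelled app=frontend may open TCP 8080 to pods labelled
# app=orders. It has no view of HTTP methods or paths.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: orders-allow-frontend        # hypothetical name
  namespace: shop                    # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app: orders                    # hypothetical label
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend          # hypothetical label
      ports:
        - protocol: TCP
          port: 8080                 # hypothetical port
---
# Layer 7: Istio AuthorizationPolicy.
# Denies HTTP GET on /supersecret for the same workload, from any source.
# Requests that do not match this rule are not affected by this policy.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-deny-get-supersecret  # hypothetical name
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: DENY
  rules:
    - to:
        - operation:
            methods: ["GET"]
            paths: ["/supersecret"]  # exact match; add "/supersecret/*" to cover sub-paths
```

The NetworkPolicy is only enforced when the cluster's network plugin implements NetworkPolicy, and the AuthorizationPolicy only applies to workloads whose traffic passes through an Istio sidecar or gateway.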



