Posted On: Feb 4, 2021
AWS App Mesh Controller for Kubernetes v1.3.0 is now available and includes support for mTLS (mutual Transport Layer Security) authentication on App Mesh. The AWS App Mesh Controller for Kubernetes provides a way to configure and manage AWS App Mesh using Kubernetes directly. AWS App Mesh is a service mesh that provides application-level networking to standardize how your services communicate, giving you end-to-end visibility and allowing high availability for your applications.
This release includes the ability to configure mTLS for App Mesh directly using Kubernetes APIs. Mutual Transport Layer Security (mTLS) is an additional layer of security on top of TLS which allows services to identify and authenticate the client making a request. X.509 certificates presented by the client can be validated and authenticated using either a certificate trust bundle on the Envoy proxy’s filesystem or via any service that implements Envoy’s Secret Discovery Service API, such as SPIFFE Runtime Environment (SPIRE). This release also includes the ability to set arbitrary environmental variables on the Envoy proxy sidecar, allowing additional customization of Envoy and other integrations as well as enhancements to App Mesh’s tracing integrations which enable connectivity to tracing agents that run as DaemonSets, such as DataDog.
To learn more about using mTLS with App Mesh on Kubernetes, see Amazon EKS mutual TLS walkthrough with SPIRE.