
gRPC Proxyless Service Mesh with Security

2021-10-14

Authors: Sanjay Pujare


Summary

The presentation describes how gRPC implements secure communication using the xDS protocol and a certificate provider plug-in framework.
  • gRPC uses the xDS protocol to configure mTLS-based transport security between clients and servers
  • The certificate provider plug-in framework lets different mechanisms supply the certificates and keys used for that mTLS
  • The framework is implemented in gRPC Go, C++, Java, and Python
  • The presentation provides links to resources for more information
The certificate provider plug-in framework supports dynamic updates of certificates and keys, so the security configuration can be changed for different clients or networks without restarting the application. This simplifies implementing secure communication in gRPC.
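To make the "dynamic updates" point concrete, here is an added Go example (not code from the talk or from gRPC; gRPC's own xDS credentials and certificate providers implement this inside its TransportCredentials). It models the two things a certificate provider hands out, the workload identity and the trust roots, as a swappable Material snapshot, and wires that into crypto/tls so that a CA rotation and a SPIFFE-ID mismatch are handled by the verification callback rather than by restarting the process. The names Provider, Material, Config, mint, newCA, issue and roots, the spiffe://mesh.example/... IDs and the in-memory CA are all constructed for this illustration; they are not gRPC APIs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"sync/atomic"
	"time"
)

// Provider plays the part of a gRPC certificate-provider plugin: it publishes the workload's current
// Material, and whoever distributes certificates Stores new Material at any time. Store before first use.
type Provider struct{ atomic.Pointer[Material] }

type Material struct {
	Identity tls.Certificate
	Roots    *x509.CertPool // never nil: a nil Roots in x509.VerifyOptions means "system roots"
}

// Config builds an mTLS config (either role) from the current Material; build one per connection, as
// gRPC's handshake hooks do, so rotated material is used without a restart. Built-in verification is off
// (InsecureSkipVerify, RequireAnyClientCert) ONLY because VerifyPeerCertificate redoes it against the
// live Roots and, like xDS subject-alt-name matching, also requires the peer's SPIFFE URI SAN == peerSAN.
func (p *Provider) Config(peerSAN string) *tls.Config {
	m := p.Load()
	return &tls.Config{
		MinVersion:         tls.VersionTLS13,
		Certificates:       []tls.Certificate{m.Identity},
		ClientAuth:         tls.RequireAnyClientCert,
		InsecureSkipVerify: true,
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			if len(raw) == 0 {
				return fmt.Errorf("peer sent no certificate")
			}
			leaf, err := x509.ParseCertificate(raw[0]) // fixture chains are leaf-only; real ones add raw[1:] as Intermediates
			if err != nil {
				return err
			}
			opts := x509.VerifyOptions{Roots: m.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
			if _, err := leaf.Verify(opts); err != nil {
				return err
			}
			for _, u := range leaf.URIs {
				if u.String() == peerSAN {
					return nil
				}
			}
			return fmt.Errorf("peer SAN %v does not match %s", leaf.URIs, peerSAN)
		},
	}
}

// mint is a throwaway issuer standing in for the mesh CA (constructed fixture; errors ignored): a fresh
// P-256 key plus a one-hour certificate built from tmpl, signed by parent, or self-signed when parent is nil.
func mint(tmpl *x509.Certificate, parent *tls.Certificate) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl.SerialNumber, tmpl.NotBefore, tmpl.NotAfter = big.NewInt(1), time.Now(), time.Now().Add(time.Hour)
	out := tls.Certificate{PrivateKey: key, Leaf: tmpl}
	if parent == nil {
		parent = &out
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	out.Certificate = [][]byte{der}
	out.Leaf, _ = x509.ParseCertificate(der)
	return out
}

func newCA(name string) tls.Certificate {
	return mint(&x509.Certificate{Subject: pkix.Name{CommonName: name}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil)
}

// issue mints a workload identity whose only SAN is the given SPIFFE ID.
func issue(ca tls.Certificate, spiffeID string) tls.Certificate {
	id, _ := url.Parse(spiffeID)
	return mint(&x509.Certificate{URIs: []*url.URL{id}, KeyUsage: x509.KeyUsageDigitalSignature}, &ca)
}

func roots(cas ...tls.Certificate) *x509.CertPool { // carrying two CAs is how a CA rotation overlaps
	pool := x509.NewCertPool()
	for _, ca := range cas {
		pool.AddCert(ca.Leaf)
	}
	return pool
}

func main() {
	const srv, cli = "spiffe://mesh.example/ns/default/sa/server", "spiffe://mesh.example/ns/default/sa/client"
	caA, caB, client := newCA("mesh-ca-a"), newCA("mesh-ca-b"), &Provider{}
	client.Store(&Material{issue(caA, cli), roots(caA)})
	fmt.Println("server on CA A:", client.Config(srv).VerifyPeerCertificate(issue(caA, srv).Certificate, nil))
	fmt.Println("server on CA B, root B not distributed:", client.Config(srv).VerifyPeerCertificate(issue(caB, srv).Certificate, nil))
	client.Store(&Material{issue(caA, cli), roots(caA, caB)}) // the control plane delivers root B; nothing restarts
	fmt.Println("server on CA B afterwards:", client.Config(srv).VerifyPeerCertificate(issue(caB, srv).Certificate, nil))
}
```

Two things in this sketch are the ones worth carrying into real code: the provider must replace identity and roots as one atomic snapshot (otherwise a handshake can see a new certificate with old roots), and turning off Go's built-in verification is only safe because the callback re-verifies the chain against the provider's roots and checks the peer's identity; the same callback is what makes a SAN mismatch fail even when the certificate chains correctly.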

Abstract

gRPC has become a popular choice for building microservice-based service mesh architectures, especially since the recent addition of service mesh features such as service discovery, load balancing, and observability, which removed the need for sidecar proxies like Envoy in the service mesh. These features made a "proxyless service mesh" possible. In this session we will talk about the addition of mTLS-based transport security to the proxyless service mesh. We will describe how security is orchestrated by the xDS control plane, the security plugin architecture added to gRPC, and the implementation of some of those plugins to take advantage of the security infrastructure in Google Kubernetes Engine (GKE).
