Microservices Security: Service Mesh and Zero-Trust Networking

Type: KNOWLEDGE

Verification: unverified - Evidence: ungraded

Quality: public

Service mesh: Istio/Linkerd provide mTLS between services, traffic policies, and observability.
Zero-trust microsegmentation: every service-to-service call is authenticated.
SPIFFE/SPIRE: workload identity for services (SVIDs).
JWT propagation: forward user context across services.
Rate limiting at the mesh layer: circuit breaker (Hystrix/Resilience4j).
Secret management: Vault agent injector, K8s secrets with RBAC.
Service-to-service: OAuth2 client credentials flow.
API gateway: Kong, AWS API GW, Traefik —...
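As an added example that is not part of this card, the following Istio manifests implement the mTLS, microsegmentation and JWT-propagation points above: the namespace `shop`, the workloads/service accounts `checkout` and `orders`, and the issuer and JWKS URLs are assumed placeholders.

```yaml
# Added example, not from the original card. Namespace "shop", service
# accounts "checkout"/"orders" and the issuer/JWKS URLs are assumptions.
# 1. Mesh-wide STRICT mTLS: sidecars reject plaintext, so every call carries a
#    SPIFFE identity (cluster.local/ns/<ns>/sa/<sa>) from its client cert.
#    The weak setting is mode: PERMISSIVE, which still accepts plaintext.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system   # root namespace, so this applies mesh-wide
spec:
  mtls:
    mode: STRICT
---
# 2. Validate the forwarded end-user JWT; a missing token is not rejected here.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: orders-jwt
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  jwtRules:
  - issuer: "https://issuer.example.invalid"       # placeholder
    jwksUri: "https://issuer.example.invalid/jwks"  # placeholder
---
# 3. Microsegmentation: once an ALLOW policy selects "orders", anything it does
#    not match is denied. Only the checkout workload identity may POST /orders,
#    and only with a valid user JWT (requestPrincipals is "<iss>/<sub>").
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-checkout
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/checkout"]
        requestPrincipals: ["https://issuer.example.invalid/*"]
    to:
    - operation:
        methods: ["POST"]
        paths: ["/orders"]
```

Apply with `kubectl apply -f` on a cluster with Istio sidecar injection enabled for `shop`; a plaintext call, a call from any other service account, or a call without a valid bearer token to `POST /orders` is then rejected by the `orders` sidecar.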