Module 2: Secure microservices access control with Red Hat OpenShift Service Mesh

Module 2

Travelz Corp’s move to a microservices-based architecture brings greater agility, but also results in increased complexity in managing how the microservices communicate with each other and stay secure.

Travelz Corp wants to apply access policies to the interaction between microservices, enable complex deployment strategies, and monitor the microservices applications.

Solution overview

Travelz Corp leverages Red Hat OpenShift Service Mesh as an easy way to set up service-to-service authentication, complex operational functions such canary releases and telemetry to understand traffic between services.

Red Hat OpenShift Service Mesh uses Istio as its core service mesh implementation and includes Kiali to help you to configure, visualize, validate and troubleshoot your mesh!

m2 arch

In this module, you will onboard the travel-agency namespace to the mesh. The service mesh adds a transparent layer to the microservices within this namespace without requiring any application code changes.

Once the namespace is part of the service mesh, you will use the Kiali to visualize service traffic and gain observability into your application.

Technical considerations

To successfully implement Red Hat OpenShift Service Mesh, there are a few key technical factors to consider:

  • Namespace and Workload Configuration: Ensure workloads are deployed in namespaces configured for mesh participation, with sidecar injection enabled.

  • mTLS and Identity: Red Hat OpenShift Service Mesh uses mutual TLS (mTLS) to authenticate and encrypt service-to-service traffic. Proper certificate management and identity policies are essential.

  • Authorization Policies: Fine-grained access control can be implemented using AuthorizationPolicy CRDs to enforce least-privilege communication between services.

  • Traffic Management: Canary deployments, traffic splitting, and fault injection require well-defined routing rules using VirtualServices and DestinationRules.

  • Observability Stack: Tools like Kiali, Distributed Tracing, and Prometheus are included for service visualization, tracing, and metrics—ensure they are properly deployed and accessible.

These technical foundations will ensure Travelz Corp can fully realize the benefits of Red Hat OpenShift Service Mesh in a production-ready environment.

Activities Overview:

In this module, you’ll get hands-on experience with OpenShift Service Mesh.

  • Learn how OpenShift Service Mesh works by exploring its main parts. You’ll see how it gives you visibility and control over how services talk to each other.

  • Use zero trust security principles to make sure only the right services can access sensitive backends — helping protect your applications from unwanted access.

  • Control how traffic flows between service versions so you can gradually roll out changes, reduce deployment risks, and test updates safely in production.