
I’m giving a talk [1] at SRECon about a tool [2] I’ve written that presents an alternate take on one of the major problems that Service Mesh solves - Encrypting internal traffic. My solution is very simple, to enable your applications to use mutual TLS to authenticate with each other - By making Kubernetes put the certificates in a standard place and making the drop-in middleware so your application can be modified to use them with minimal effort. My point is the same - Service Mesh is great, your middleware already does most of it - The problem is policy and automation, so we’ve solved those for you.

[1] https://www.usenix.org/conference/srecon20americas/presentat...
[2] https://gitlab.com/gauntletwizard_net/kubetls




With istio though, I don't need any modifications. I literally inject the sidecar and everything is mtls'd automatically, the apps just call http:// and the proxy does the rest.

Why would I use this over istio?


Watch my talk and find out :)

More seriously, if your istio injector stops working, your app will keep working over plaintext. For some users, that’s a feature. For others, that’s a breach of contract with fines. My app targets the latter.



