This chapter covers

• Deploying an API to Kubernetes
• Hardening Docker container images
• Setting up a service mesh for mutual TLS
• Locking down the network using network policies
• Supporting external clients with an ingress controller

In the chapters so far, you have learned how to secure user-facing APIs from a variety of threats using security controls such as authentication, authorization, and rate-limiting. It’s increasingly common for applications to themselves be structured as a set of microservices, communicating with each other using internal APIs intended to be used by other microservices rather than directly by users. The example in figure 10.1 shows a set of microservices implementing a fictional web ...