Yaya za ka samar da sadarwar aikin aiki na aikin aiki (mTLS, zero-trust)?

Question

Accepted Answer

A cikin cibiyar sadarwar microservices ba za ka iya amincewa da sadarwa kawai saboda yana "ciki". **Zero-trust** yana ɗauka cewa sadarwa yana aiki da gaje, saboda haka kowane kira ana tabbatar da shi da ƙaddara shi, kuma zartarwa sune encrypted tare da **mTLS**.

## Mutual TLS (mTLS)

Ba kamar TLS na yau-yau ba, **duka** banaji suna gabatarwa tarattatau. Kowane aiki ya tabbatar da asalinsa, kuma zartarwa sune encrypted a cikin jira.

```text
Service A ──cert──▶ Service B
Service A ◀─cert── Service B   (both verify each other's identity)
→ caller is authenticated AND data is encrypted
```

Wata mesh na aiki na iya samar da mTLS kai tsaye ba tare da canje-canjen lambar app ba.

## Umarnin aiki-ga-aiki

Asali (wane ke kira) kaari dabara (abin da za su iya yi). Alamun kasuwa (JWT) ko SPIFFE asalai suna dadar mutum mai kira.

```yaml
# allow only the orders service to call payments
policy:
  from: { service: orders }
  to:   { service: payments, path: /charge }
  action: ALLOW            # everything else denied by default
```

## Kariya a zurfin

```text
✓ Authenticate every request (no implicit network trust)
✓ Least privilege — a service can call only what it needs
✓ Short-lived, rotated credentials/certs
✓ Validate tokens at the edge AND between services
✓ Encrypt in transit (mTLS) and at rest
```

## Sakaci

Amin da ciki sadarwa ("yana bayan baje-bajen") yadda abin da aka marmara gida ya zama sakaci gaba daba.

## Me yasa hakan mahalaci ne

A cikin sadarwa ciki santsi, abin da aka sakaci na iya amfani koli kaifai; zero-trust yana iya sakaci rarraba.

mTLS kaari kira kira da kira ko ma ba za shi iya yin abin da aka sakaci ko ta musamman ta, wace abin da aka gabatar ne na bade-bade bade na sadarwar microservices na zamani.