Does Prisma Cloud Support Integration with Service Mesh Technologies?

15035

Created On 05/03/22 02:50 AM - Last Modified 05/04/22 08:54 AM

Prisma Cloud Compute Edition Self-Hosted

Question

Prisma Cloud’s WAAS module now seamlessly inter-operates with Service Mesh Technologies provided by the Istio and Linkerd projects.
When deploying WAAS, Prisma Cloud identifies the pods with the labels identifying the service mesh sidecars, and injects the appropriate routing to allow WAAS traffic protection features.
This feature is enabled automatically in your environment with no additional configuration.
This New integration with Istio and Linkerd does not require any code or configuration changes, and enhances the protection for web applications and APIs with best of breed application layer defences.

For more information, refer the following:

Modern cloud native applications are developed as a set of distributed micro-services.
A Service Mesh is a dedicated infrastructure layer that allows developers to seamlessly add capabilities like observability, traffic management, and security, without changing application code.
When Defender DaemonSets are deployed with Istio monitoring enabled, Prisma Cloud can discover the service mesh and show you the connections for each service. Services integrated with Istio display the Istio logo.

Clicking on an Istio node opens an overlay with additional data about the service.

Click on the Istio button, then click on the link to get more details about the service roles.
Istio monitoring is available for Kubernetes and OpenShift clusters. When you install the Defender DaemonSet, enable the 'Monitor Istio' option.

NOTE: Istio label that would trigger WAAS service mesh handling is: "service.istio.io/canonical-name" : Resource Labels