Achieving end-to-end encryption for in-flight traffic is mandatory to comply with regulatory and security governance measures. Tanzu Service Mesh provides this capability across multiple clusters, clouds, and even service meshes.

Tanzu Service Mesh includes a top-level certificate authority (CA) to provide a trusted identity to each node on the network. In the case of microservices architecture, those nodes are the pods that run the services. Tanzu Service Mesh can set up end-to-end mutual transport layer security (mTLS) encryption using a CA function. The CA manages the certificates for the services and automatically rotates them every 90 days.

Tanzu Service Mesh implements end-to-end encryption of in-flight traffic at the Global Namespaces level, where you can apply an encryption policy that also supports different settings, such as faster certificate rotation than the default setting in Istio or setting up flexible permissive and restrictive policies.