
Support for service meshes

Service meshes are the state-of-the-art technology to secure all communication within and between Kubernetes clusters. To achieve this, service meshes typically intercept and redirect the traffic to and from the Pods using proxy containers that are injected into the application Pods. Those proxies can then secure the communication between Pods using mTLS. In such scenarios, the service mesh control plane takes care of the complex and error-prone certificate management for the various mTLS connections, while being transparent to the actual application workloads.

The installation and configuration of a service mesh is the responsibility of the cluster operator and not part of the SOT installation process. However, it is recommended to make use of a service mesh to secure all communication between SOT modules running in the same cluster.

While the final choice of service mesh technology is the responsibility of the cluster operator, SOT comes with built-in integration support for the Linkerd service mesh project (https://linkerd.io/) as well as the Istio service mesh project (https://istio.io/). These integrations allow an SOT installation to be configured automatically to make use of Linkerd or Istio. More details about the required configuration can be found in the "ServiceMeshConfiguration" section of this document.

To integrate with other service mesh technologies and projects, the required integration settings, e.g., additional annotations, have to be manually created and are out of scope of the automated SOT installation.
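Because the mesh only protects Pods that actually carry the injected proxy, a cluster operator can check injection after deployment. The following is an added example, not part of the SOT documentation or product: it inspects a Pod list in the shape of `kubectl get pods -o json` and reports Pods without a Linkerd or Istio proxy. The Pod names and the sample data are constructed; `linkerd-proxy` and `istio-proxy` are the proxy container names those two projects use.

```python
# Added example: find Pods that are not covered by the service mesh.
# Input has the shape of `kubectl get pods -n <namespace> -o json`.

# Proxy container names injected by the two meshes named on this page.
MESH_PROXIES = {"linkerd-proxy": "linkerd", "istio-proxy": "istio"}


def mesh_of(pod):
    """Return 'linkerd', 'istio' or None for a single Pod object."""
    spec = pod.get("spec", {})
    # With Kubernetes native sidecars the proxy is listed under
    # initContainers instead of containers, so both lists are checked.
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if c.get("name") in MESH_PROXIES:
            return MESH_PROXIES[c["name"]]
    return None


def unmeshed_pods(pod_list):
    """Sorted names of live Pods that have no mesh proxy container."""
    missing = []
    for pod in pod_list.get("items", []):
        # Finished Pods (e.g. completed Jobs) no longer carry traffic.
        if pod.get("status", {}).get("phase") in ("Succeeded", "Failed"):
            continue
        if mesh_of(pod) is None:
            missing.append(pod["metadata"]["name"])
    return sorted(missing)


# Constructed sample data; Pod names are hypothetical.
SAMPLE = {"items": [
    {"metadata": {"name": "web-portal-1"}, "status": {"phase": "Running"},
     "spec": {"containers": [{"name": "app"}, {"name": "linkerd-proxy"}]}},
    {"metadata": {"name": "ticket-mgmt-1"}, "status": {"phase": "Running"},
     "spec": {"initContainers": [{"name": "istio-proxy"}],
              "containers": [{"name": "app"}]}},
    {"metadata": {"name": "notification-1"}, "status": {"phase": "Running"},
     "spec": {"containers": [{"name": "app"}]}},
    {"metadata": {"name": "db-migrate-job"}, "status": {"phase": "Succeeded"},
     "spec": {"containers": [{"name": "migrate"}]}},
]}

if __name__ == "__main__":
    for name in unmeshed_pods(SAMPLE):
        print("no mesh proxy:", name)
```

A present proxy container shows that injection happened; whether mTLS is enforced for that Pod still depends on the policy configured in the mesh.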


© Robert Bosch Manufacturing Solutions GmbH 2023-2026, all rights reserved
