Applying access control management with the Zero Trust design in microservices architecture using
Service Mesh
{In today's corporate development landscape, Docker and Kubernetes have emerged as pivotal technologies, playing an indispensable role in orchestrating containerized applications. Their adoption has become paramount for organizations striving to achieve scalability, agility, and efficient resource management in the era of modern cloud-native computing. Despite the advancements in container and orchestration technologies, microservice-based applications still face numerous challenges, including issues related to network security and reliability. One of the most prevalent vulnerabilities in web applications is broken access control, which can result in unauthorized access to sensitive information, unauthorized data modification, or unauthorized execution of business functions. This research aims to explore various access control approaches within the context of service mesh and determine which mesh architecture aligns best with our testing objectives. To conduct our investigations, this study will utilize the Kind simulator to locally run Kubernetes clusters, simulating a microservices scenario provided by GoogleCloudPlatform. Additionally, this study will incorporate cloud-based testing and compare the results with the local testing scenarios, providing the necessary information to replicate this study by other researchers. Through a systematic examination of some metrics, by shedding light on performance, security, and usability dimensions, this study seeks to advance the understanding of access control in the context of evolving microservice ecosystems.