Background Our client manages several applications across different countries, with each one being hosted under its respective country-specific domain. However, this configuration has led to compromised SEO performance for the overall brand. Moreover, it has introduced heightened complexities in the maintenance of numerous DNS zones, not to mention the additional expenses incurred for SSL certificates. The client’s primary objective was to improve the brand’s SEO presence and concurrently lower the expenses related to SSL certificates. Client GOAT Interactive is a part of the Editec Group. Its goal is to become the number one operator in the African market. It aims to fuse the world of football and betting, creating an authentic, highly engaging community of sports fans who love the thrill of a bet. The brand is closely partnered with renowned football club brands and leverages these partnerships to provide a unique player experience, enabling GOAT to provide unique betting propositions, content and events to the rapidly growing African market – an experience that brings fans closer to clubs, leagues, and the sport they love. Challenges Upon analyzing the client’s request, the Symphony Solutions team identified potential challenges and adverse impacts on the existing architecture and infrastructure. The primary challenge was to migrate and host all country-specific applications under a single domain with the country path as a root folder. In addition, traffic from each front-end (FE) application needed to be routed to different back-end (BE) services deployed at dedicated Kubernetes (K8s) clusters in the same Google Cloud Platform (GCP) project. All these changes had to be achieved without performance degradation, while ensuring application functional stability, correct customer session management, and independent setup of the Web Application Firewall (WAF) and business layer. Optimize. Secure. Streamline LEARN MORE Solution Although several options could potentially meet the client’s criteria, many of them risked negatively impacting performance—for example, by introducing another layer such as an API Gateway. Others caused issues with distributed service usage, customer session isolation, and increased complexity in infrastructure management (such as extending Load Balancers (LBs) with additional plugins and functionality for advanced traffic routing). Our selected approach was to employ Istio Service Mesh architecture, extending the existing Google Kubernetes Engine (GKE) clusters with low-level envoy proxies and a control plane. This configuration allowed us to have complete control over inbound traffic without the need for separate network layers. Part of this solution required deciding between fully open-source, self-managed Istio, or Google Cloud’s GCP Anthos – a cloud-managed service based on Istio with a managed control plane. Choosing GCP Anthos reduced the DevOps maintainability of the Istio control plane, freeing the team to focus on configuring and setting up the data plane. Google Anthos integration enabled us to set up low-level Istio gateway routes and policies, directing inbound traffic to isolated K8s clusters, which were rolled out as new ASM clusters with a control plane. Embarking on a transformational journey through meticulous integration and strategic implementation of the Service Mesh framework, our client was able to achieve efficiency, reinforced security, and optimized SEO. Explore our Managed Infrastructure Services for seamless integration. Result Through meticulous integration and strategic Service Mesh implementation, our collaborative efforts have yielded the following outcomes: Integration of Service Mesh: Consolidated all client’s applications onto a single dedicated domain, with some still in progress. Decommissioned country-specific domains, streamlining the domain landscape. Reduction in Overheads: Decreased the number of Cloudflare zone licenses. Reduced the overall count of required SSL certificates. Enhanced SEO and Localization: Implemented minor application and sitemap adjustments to address SEO issues. Improved search results by catering to customer geolocation and localization. Security Advantages of Service Mesh: Enabled mutual TLS (mTLS) connections among container-based applications in GKE. Automatically rotated certificates and enforced security policies for robust security. Offered granular control over inbound/outbound internal traffic. Empowered DevOps Capabilities: Unlocked opportunities for the DevOps team to leverage various Istio features. Utilized advanced sidecar container monitoring for enhanced insights. Employed advanced reliability techniques like circuit breakers, retries, and timeouts. Implemented canary and blue-green deployments for seamless updates. Achieved all this using container-native features, sidestepping the need for extra network or application layers.