Kubernetes provides multiple layers of network security, including the control plane, etcd, the CNI network, network policies, and, with Istio on top, the requests between applications themselves. In this talk, we explore the underlying technologies on which these layers are built using approachable examples and demonstrations.
Attendees can expect to gain an understanding of these implementations and the principles behind encryption, identity, and trust in Kubernetes.
- What are TLS, X.509, and mutual authentication?
- Why cloud native communication should be encrypted by default
- Kubernetes component intercommunication
- CNI and network policy for applications
- Bootstrapping identity with SPIFFE
- Mutual TLS, route rules, and destination policies in Istio
From Kubelet to Istio: Kubernetes Network Security Demystified
Andrew Martin has a strong test-first engineering ethos gained architecting and deploying high-traffic web applications. Proficient in systems development, testing, and maintenance, he is comfortable profiling and securing every tier of a bare metal or cloud native application, and has battle-hardened experience delivering containerised solutions to enterprise clients. He is a co-founder at https://control-plane.io.