Advanced Security on Kubernetes with Istio
| Talk Title | Advanced Security on Kubernetes with Istio |
| Speakers | Shunsuke Miyoshi (Software Engineer, Fujitsu) |
| Conference | Automotive Linux Summit & Open Source Summit Japan |
| Date | Jun 19-22, 2018 |
Conventional networks are designed around the policy that “everything inside an organization’s network can be trusted”. System security is therefore based on a firewall that controls access between outside and inside. However, recent attacks are becoming more sophisticated, and we must respond not only to external threats but also to threats inside the firewall. To deal with these threats, the Zero Trust Network has been proposed. Zero Trust Network is a security model rooted in the principle of “never trust, always verify”. Everything (communication path, destination service, …) is verified in this model, which makes a system more secure. In Kubernetes, we can build a Zero Trust Network model by combining NetworkPolicy (a Kubernetes feature) and Istio. This presentation gives an overview of the Zero Trust Network model and shows how to create the model in Kubernetes with Istio.