November 20, 2019


From Kubelet to Istio: Kubernetes Network Security Demystified


Talk Title From Kubelet to Istio: Kubernetes Network Security Demystified
Speakers Andrew Martin (Director, ControlPlane)
Conference KubeCon + CloudNativeCon Europe
Location Copenhagen, Denmark
Date Apr 30-May 4, 2018
URL Talk Page
Slides Talk Slides

Kubernetes provides multiple layers of network security including the control plane, etcd, the CNI network, network policies, and - with Istio on top - the requests between applications themselves. In this talk we explore the underlying technologies on which these layers are built using approachable examples and demonstrations. Attendees can expect to gain an understanding of these implementations and the principles behind encryption, identity, and trust in Kubernetes.

- What are TLS, X.509, and mutual authentication?
- Why cloud native communication should be encrypted by default
- Kubernetes component intercommunication
- CNI and network policy for applications
- Bootstrapping identity with SPIFFE
- Mutual TLS, route rules, and destination policies in Istio
