November 26, 2019

214 words 2 mins read

How Yelp Moved Security From the App to the Mesh with Envoy and OPA

How Yelp Moved Security From the App to the Mesh with Envoy and OPA

From its inception, Yelp's service infrastructure has treated security as a fundamental component. For many years, developers carried the burden of building security features directly into their servi …
Talk Title How Yelp Moved Security From the App to the Mesh with Envoy and OPA
Speakers Daniel Popescu (Security Engineer, Yelp), Ben Plotnick (Senior Platform Engineer, Cruise Automation)
Conference KubeCon + CloudNativeCon North America
Conf Tag
Location San Diego, CA, USA
Date Nov 15-21, 2019
URL Talk Page
Slides Talk Slides
Video

From its inception, Yelp’s service infrastructure has treated security as a fundamental component. For many years, developers carried the burden of building security features directly into their services. By using standard cloud native building blocks, the service infrastructure now provides security features by default; this enables hundreds of developers to focus on shipping features for more than 100M monthly active Yelp users.This talk will cover Yelp’s journey from a legacy service proxy to a modern, secure service mesh based on Envoy and Open Policy Agent. It will discuss-Authn and Authz mechanisms using mTLS and JWT with Envoy and OPA-Migration from using an in-house policy decision engine to standardized open source tools (OPA)-Transpiling legacy policy data to rego and other best practices for policy maintenance-Strategies for quickly and safely rolling out policy changes

safe cloud native security infrastructure open source envoy cloud service mesh
comments powered by Disqus
Intro + Deep Dive: Cloud Native Network Function (CNF) Testbed

Intro + Deep Dive: Cloud Native Network Function (CNF) Testbed

November 20, 2019

The Cloud Native Network Function (CNF) Testbed is a CNCF initiative to provide a neutral space for exploring and evaluating open source networking technologies and their interoperability. The initiat …
Intro: Dragonfly

Intro: Dragonfly

November 9, 2019

As cloud native becomes more and more popular in industry, how to distribute images efficiently and safely is a new challenge for enterprises. Dragonfly is an open source intelligent P2P based image a …
Reinventing Networking: A Deep Dive into Istio's Multicluster Gateways

Reinventing Networking: A Deep Dive into Istio's Multicluster Gateways

October 31, 2019

Service mesh software is challenging the current networking state of the art. With Istios gateways technology, it is possible to connect large numbers of Kubernetes clusters. Connectivity between clo …
The Data Analytics Platform or How to Make Data Science in a Box Possible

The Data Analytics Platform or How to Make Data Science in a Box Possible

October 27, 2019

The Hadoop and FOSS revolution has reshaped the data analytics landscape. In the search for creating a cutting-edge data platform at ING, we are faced with challenging new requirements such as cloud-r …
Uber x Security: Why and How We Built Our Workload Identity Platform

Uber x Security: Why and How We Built Our Workload Identity Platform

October 15, 2019

Since launching in 2009, Uber has become the poster child for explosive growth - in revenue, headcount, and operational complexity. This growth has created new challenges for Ubers engineering team a …
Clear Linux for Cloud Native

Clear Linux for Cloud Native

October 3, 2019

Clear Linux is a modular open source Linux distribution optimized for performance and security, from Cloud and Edge, designed for customization, and manageability. In the cloud native architecture do …