SkillsCast

From Kubelet to Istio: Kubernetes Network Security Demystified

25th September 2018 in London at CodeNode

There are 2 other SkillsCasts available from An Evening of Kubernetes Talks

Kubernetes provides multiple layers of network security, including the control plane, etcd, the CNI network, network policies, and, with Istio on top, the requests between applications themselves. In this talk we explore the underlying technologies on which these layers are built, using approachable examples and demonstrations.

Attendees can expect to gain an understanding of these implementations and the principles behind encryption, identity, and trust in Kubernetes.

  • What are TLS, X.509, and mutual authentication?

  • Why cloud native communication should be encrypted by default

  • Kubernetes component intercommunication

  • CNI and network policy for applications

  • Bootstrapping identity with SPIFFE

  • Mutual TLS, route rules, and destination policies in Istio


Andrew Martin

Andrew Martin has a strong test-first engineering ethos gained architecting and deploying high-traffic web applications. Proficient in systems development, testing, and maintenance, he is comfortable profiling and securing every tier of a bare metal or cloud native application, and has battle-hardened experience delivering containerised solutions to enterprise clients. He is a co-founder at https://control-plane.io.
