Securing Microservices Cluster Networking

By Ahmet Alp Balkan

Elevator Pitch

So you drank the microservices Kool-Aid and deployed all your apps to container clusters. Now, is your cluster networking secure yet? Do you have the necessary access controls, authentication and authorization mechanisms in place?

Description

So you drank the microservices Kool-Aid and deployed all your apps to container clusters. Now, how secure is your cluster networking? Do you have the necessary access controls, authentication and authorization mechanisms in place?

In this talk, we will go through several aspects of securing microservices networking. We will use an application that runs on Kubernetes, but familiarity with Kubernetes is not necessary. From there, we will configure the security measures needed to whitelist connections, provide identity to containers and verify the authenticity of requests.

Also, we will discuss what’s on the Kubernetes roadmap for cluster networking security and explain what “service mesh” projects like Istio and Linkerd provide in this space.

Notes

I work on Kubernetes and Google Container Engine (GKE) on a daily basis. I review many security-related features and have written a detailed blog post and tutorials/recipes on this topic.