Securing Cluster Networking with Network Policies - Ahmet Balkan, Google
In a secure microservices cluster, only the pods that need to communicate with each other should be able to establish network connections; all other connections should be blocked. But how? Until recently, Kubernetes users could not enforce policies for container networking.
First introduced in Kubernetes 1.3, Network Policies are now a stable feature in Kubernetes 1.7. In this talk, we will discuss use cases for network policies, the Network Policy API, how to configure network policies, and how the configured policies are enforced. We will also present some network policies that address some common use cases and are relevant to securing your Kubernetes clusters.
We will also discuss the roadmap for the Network Policies feature, other methods you can use to secure applications at the network and application layers, and how Network Policies relate to service mesh projects such as Istio that offer similar functionality.
About Ahmet Alp Balkan
Ahmet is a software engineer at Google Kubernetes Engine, working on optimizing the developer experience. He creates developer tools and tells stories about complicated features.
Previously, he has worked on Microsoft Azure on projects like porting Docker to Windows and Azure Container Registry.
Join us for KubeCon + CloudNativeCon in Barcelona May 20 - 23, Shanghai June 24 - 26, and San Diego November 18 - 21! Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.
Video "Securing Cluster Networking with Network Policies - Ahmet Balkan, Google" from the channel CNCF [Cloud Native Computing Foundation]
Video information
December 16, 2017, 1:27:48
00:30:55