Best-Practices for Securing Egress Traffic with Istio - Niranjan Shankar, Microsoft
You’ve successfully installed Istio and secured intra-mesh traffic with mTLS. Great. A common next step is controlling traffic to services outside of your cluster. Thankfully, Istio offers various custom resources and mesh-wide settings, as well as integration with an egress gateway, to manage outbound traffic. Nonetheless, operators need to take several additional steps and leverage mechanisms external to Istio to enforce a defense-in-depth framework for egress communication. For instance, organizations often require that all traffic that crosses network perimeters flow through dedicated nodes, be filtered by a firewall, and be logged and monitored. Additionally, other network security controls like Network Policies are needed in the event that the sidecar proxy is bypassed. In this session, we’ll explore a brief, but comprehensive, end-to-end demo of how Istio APIs and configurations can integrate with cloud security services, observability tools, and Kubernetes security resources to fully secure egress traffic from your cluster. Demo: github.com/nsh....