CfgMgmtCamp 2019: Andrew Martin: Istio: Service Mesh Network Security

Microservice security is too hard.
We must issue and rotate TLS certificates, deploy identity providers, and embed auth logic in applications.
These all require secure development, test, and maintenance effort.
Istio (a Google, IBM, and Lyft project) offers a new way: by providing a service mesh and a unified identity for each request, it offers all these things with zero application changes.

In this talk we detail:

What a service mesh is, and why Istio could revolutionise microservices
Increasing application security and availability using network RBAC and circuit breakers
Why all applications should use encryption by default
“Free” mutual TLS between all services, with certs rotated every hour
Preventing token replay attacks that plague JWT
Securely delegating requests between microservices