Hands-on Workshop: Zero Trust Networking in Practice with a Service M... Jason Morgan & Ashley Davis

Hands-on Workshop: Zero Trust Networking in Practice with a Service Mesh Workshop - Jason Morgan, Buoyant & Ashley Davis, Jetstack

In this hands-on workshop, participants will learn the basics of adopting a zero-trust approach to Kubernetes network security using a service mesh. Topics will include encryption, authentication, and authorization of traffic within the cluster; PKI considerations and setup for in-cluster and cross-cluster mutual TLS; applying a deny-by-default / principle-of-least-privilege approach to authorization; the relationship between zero-trust and perimeter security; and more. Participants will learn the elements of overall Kubernetes security that must be in place before a service mesh can be effective, including a basic threat model for Kubernetes clusters as a whole. This workshop will use Linkerd, cert-manager, and Kyverno, but the techniques will be applicable to many different projects.