Lightning Talk: How to deploy mutually authenticated TLS without ruining everything - Spike Curtis

Показать описание

Lightning Talk: How to deploy mutually authenticated TLS without ruining everything - Spike Curtis, Tigera

TLS with mandatory mutual authentication is the gold standard for communication in distributed applications and forms the backbone of a Zero Trust Network. Envoy can do it for you with no application code changes, but if you just “turn it on” in a live production cluster you’ll quickly find you have a major disruption on your hand.

In this presentation, Spike will explain and demonstrate how to take a production cluster from a completely unencrypted to fully secured without dropping traffic. The demonstration will use Istio, but Spike will explain conceptually and cover the Envoy config changes being made in each step so the techniques can be applied to any Envoy service mesh.

CNCF [Cloud Native Computing Foundation]

Рекомендации по теме

Комментарии

We developers have a fascination with 'look how I can do this in seconds and voila' tendencies in real life and we take it to conference and talks and 6 out of time we fail. Not because we don't know how to do things but reeber there is a value of unit testing that we don't get a chance to do in that setup. We should rather spend time about how things work. In this case, how certificates are obtained, how they interact in less than 3 minutes and it would have been much more producting. The icing on the cake was the question where rather than audience asking how it works under the covers, another developer was interested in knowing "why did it fail?".

HaseenHaq

My man needs to work on the Uh's and Um's.

ChristopherFranko

Does mTLS use certificates (like say from PKI), if so how/ from where? I'm a newbie..

prat-man

Lightning Talk: How to deploy mutually authenticated TLS without ruining everything - Spike Curtis

Lightning Talk: How to deploy mutually authenticated TLS without ruining everything - Spike Curtis

Lightning Talk: The Fastest Path to Production: PyTorch Inference in Python - Mark Saroufim, Meta

Lightning Talk: When the Command Line is Not Enough: Why Your OSS Project Needs A GUI - Risha Mars,

Lightning Talk: Securing Container Deployments on OpenShift - Liz Rice, Aqua

Lightning Talk: Open Source Canary Deployments with Application Metric Analysis - Hannah Troisi

Lightning Talk: A Desktop GUI for your First Kubernetes Deployment - Alessandro Pilotti

Lightning Talk: Make Way for the Gateway - Christine Kim, Google

Lightning Talk: Adventures in SDWAN Customer Prem Deployments

Lightning Talk: Is Everyone O-KEDA? “Exciting” Lessons Learned in Our Journey to Use KED... B. Davis...

Lightning Talk: How to Win at Coding Interviews - David Stone - CppCon 2022

Lightning Talks

Growing Better Together: Argo's Community-Driven Development | Project Lightning Talk

Lightning Talk: How To Even Write a Cheque... - Patrick Martin - ACCU 2024

Lightning Talk: Cloud Foundry Monitoring: How to Never Leave Your Deployment Unattended

Lightning Talk: Kustomize Your Operator - Moritz Wanzenböck, LINBIT

Lightning Talk: Use Wasm to Deploy WAF Deeper in the Service Mesh for Zero Trust and...- José Chávez...

How might we explain Design - Lightning Talk by Juneza Niyazi at DesignUp Conference 2022

Lightning Talk: Introduction to GitOps Deployment to Kubernetes - Jun Sakata, Ubie, Inc.

Lightning Talk: Connecting the (platform) pieces for automated CI/CD - Jan Willies, Accenture

Lightning Talk: OpenShift Deployment as a Cloud Service Provider - Steve Mulholland, ukcloud

Lightning Talk: How to Regain the Trust of Your Users - Eduard Iacoboaia, Booking.com

Deploy OpenShift Origin with Puppet Lightning Talk

Lightning Talk: Is Your Kubernetes Cluster's DNS Working? - Jonathan Perry, Flowmill

Lightning Talk: How We Host 1,800 Customer Instances on 8 K8s Clusters - Joanna Wyganowska