Nicole Hubbard - Securing Kubernetes Networking
The New Stack Podcast - Een podcast door The New Stack - Donderdagen
Categorieën:
For the full video go here: https://youtu.be/honVx93d9aM As Nicole Hubbard, a developer advocate for HashiCorp observed, customers constantly face difficulties when trying to secure the communication between their services running inside of a Kubernetes cluster. The dilemma often involves trying to figure out how to lock down communications between the applications inside and outside clusters or with apps between clusters, Hubbard said. In this edition of The New Stack Makers video recorded live at Palo Alto Networks’ studio in Santa Clara, CA, Hubbard shows how Consul Connect with Envoy can help to securely maintain data communication between different Kubernetes and microservices environments. Hubbard describes, among other things, Consul Connects features and functions as a “one-on-one level intro to Consul.” The end result is that Consul Connect with Envoy secures communications between Kubernetes clusters, as well as different data sources. “If you look at the different ways you can run applications, you can run them everywhere between mainframes, your own hardware in your own data centers, virtual machines or even as far as containers and functions that are serverless. But the one thing that’s common between all of these is the network. You have to secure the communication between all the different services, no matter where they’re running,” Hubbard said. “But as you grow and you start to break these out into microservices, you run into the problem of how does ‘a’ talk to ‘b’ and how do I find where ‘b’ is.” Hubbard described how some bank partners can have as many as 4,000 services “that won’t scale with VLANs or firewall rules, without an extremely high operational overhead.” Hubbard described how within a service mesh, there is a control plane and the data plane, while “the control plane for us is Consul.” “And what Consul is responsible for is defining the roles, defining and tracking what services are available as well as provisioning that information to the data plane so that the data plane knows how to move traffic around,” Hubbard said. “The data plane is basically a pluggable proxy that receives this information from the control plane and uses it to route data correctly to the correct place.” For more insight from security thought leaders, Cloud Native Security Live, 2020 Virtual Summit is your opportunity to learn from the experience and expertise of developers, DevOps pros and IT leaders who all have so much at stake in container technologies and DevSecOps. Hosted by Prisma, from Palo Alto Networks, in partnership with The New Stack, you can still virtually attend this event held Feb. 11, 2020, for a full day of discussions about cloud native security — brought to you online wherever you may be.