Zero Trust Service Mesh with Calico, SPIRE, and Envoy – Shaun Crampton & Evan Gilman


Zero Trust Service Mesh with Calico, SPIRE, and Envoy – Shaun Crampton, Tigera & Evan Gilman, Scytale

The promise of a service mesh is to be able to delegate the hard networking problems to a uniform set of proxies and controllers. An extremely important networking problem is securing traffic within the mesh. Service meshes based on the Envoy proxy are very popular and there is a large diversity of implementations, including many home-grown solutions that focus on routing but may not include security. Shaun and Evan will demonstrate how to enhance your service mesh to follow the Zero Trust network security model using SPIRE and Calico. A Zero Trust Network emphasizes resilience to compromised services, hosts, and the network itself by treating every network connection as potentially hostile. Secure connections are established only when backed by strong cryptographic identity and approved by fine-grained policies, provided by SPIRE and Calico respectively.

sched.co/MPe3