This week we’ll be focusing on the Zero Trust security model and how it applies to Kubernetes. This issue is split between blogs that explain what zero trust is, and hands-on practical tutorials and examples. Have your kubectl ready to go!
If you’ve never heard of the zero trust model, or have heard of it but don’t know what fits under this umbrella, this blog post will help you ease into the subject. ☂ Here you will also find links to additional materials and practical tutorials that are suitable for someone who is getting started.
Learn how to design a zero trust network model that secures your Kubernetes workloads using NetworkPolicy and Istio. This is a great primer on the mindset of Zero Trust as well as its definition as applied to Kubernetes.
Spike Curtis, a leading contributor to Istio, discusses how organizations are adapting Zero Trust and how the Kubernetes security posture can be strengthened with Service Mesh and other tools.
This article from the EKS best practices guide goes into more detail about network security as it applies specifically to EKS. Focusing on network policies, it brings together security groups, encryption, network traffic logging, and more using tools that are native to or recommended for AWS. ☁
This blog post from Google reviews all aspects of securing a cluster with Istio, with links to practical examples, like this tutorial. ⛵️
Nobody likes to read YAML. If you have a long and complex list of NetworkPolicy definitions, this tool from Tufin can help visualize it in a way that may look familiar to those who have spent time configuring AWS security groups. 👓
Due to the recent changes in DockerHub rate limiting, Alex Ellis has created an Operator for propagating your imagePullSecret to all of your namespaces. ⚡