Administering Multi Cluster Service Meshes Securely - Eric Murphy & Eitan Yarmush, Solo.io

Administering Multi Cluster Service Meshes Securely - Eric Murphy & Eitan Yarmush, Solo.io

Administering Multi Cluster Service Meshes Securely - The majority of existing multi-cluster service mesh architectures require the distribution of Kubernetes API credentials (kubeconfigs) across clusters, typically by provisioning a service account in the local cluster and copying its access token to a process running in a remote cluster. This architecture requires that credentials for the Kubernetes API be shared with entities outside the cluster, exposing it to attack. Furthermore, scalability limits of the Kubernetes API Server make it less than ideal to serve an unbounded number of potential remote clients managing configuration and sharing access to a cluster. This talk will explore the downside of existing approaches in this model and propose a new approach based on a client-server management architecture inspired by Envoy which does not require sharing sensitive Kubernetes credentials with remote clusters.

Administering Multi Cluster Service Meshes Securely - Eric Murphy & Eitan Yarmush, Solo.io

The majority of existing multi-cluster service mesh architectures require the distribution of Kubernetes API credentials (kubeconfigs) across clusters, typically by provisioning a service account in the local cluster and copying its access token to a process running in a remote cluster. This architecture requires that credentials for the Kubernetes API be shared with entities outside the cluster, exposing it to attack. Furthermore, scalability limits of the Kubernetes API Server make it less than ideal to serve an unbounded number of potential remote clients managing configuration and sharing access to a cluster. This talk will explore the downside of existing approaches in this model and propose a new approach based on a client-server management architecture inspired by Envoy which does not require sharing sensitive Kubernetes credentials with remote clusters.

service-meshes securely kubernetes api

What is Geek Coin

What is GeekCash, Geek Token

Best Visual Studio Code Themes of 2021

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

50+ Useful Kubernetes Tools for 2020 - Part 2

Our original Kubernetes tool list was so popular that we've curated another great list of tools to help you improve your functionality with the platform.

Top 10 API Security Threats Every API Team Should Know

Learn what are the most important API security threats engineering leaders should be aware of and steps you can take to prevent them

API Security Weekly: Issue #101

After the special 100th edition last week, which was all about API security advice from the industry’s thought leaders, this week we are back to our regular API security news, and we have twice the number of them, from the past two weeks.

How to Properly Leverage Elasticsearch and User Behavior Analytics for API Security

How to set up Elasticsearch and Kibana for User Behavior Analytics (UBA) in API Security Monitoring — Accurately identify API security vulnerabilities. Let's learn How to Properly Leverage Elasticsearch and User Behavior Analytics for API Security

API Security Weekly: Issue #104

This week, see recent API-related vulnerabilities at Twitter and Grandstream Networks, the newly added support for mutual TLS (mTLS) in AWS API Gateway, and more.