OpsCanary

Network Security

3 articles from official documentation

security · network security · Practitioner

Implementing Istio Authorization Policies: Allowing HTTP Traffic with Precision

Securing your Istio mesh is critical for protecting workloads. This article breaks down how to set up an ALLOW action for HTTP traffic using Istio's AuthorizationPolicy. You'll learn how to incrementally grant access while maintaining a strong security posture.

  • Create a baseline security policy with an `allow-nothing` AuthorizationPolicy.
  • Gradually define ALLOW actions for specific workloads using the `spec.selector` and `spec.rules` fields.
5 min read·Official Docs
security · network security · Practitioner

Mastering Access Control for the Kubernetes API

Securing the Kubernetes API is critical for protecting your cluster. Understanding the multi-layered approach—transport security, authentication, and authorization—can save you from major security pitfalls. Dive into the specifics of how to configure these layers effectively.

  • Secure the API server by configuring it to listen on port 6443 with TLS.
  • Authenticate requests using various modules to ensure they come from valid users.
5 min read·Kubernetes Docs
security · network security · Practitioner

Mastering Network Policies in Kubernetes with Cilium

Network policies are essential for securing your Kubernetes environment. Learn how Cilium enhances these policies by extending capabilities to Layers 3-7, allowing for granular control over traffic. This article dives into practical implementations and common pitfalls.

  • Understand the difference between NetworkPolicy and CiliumNetworkPolicy for enhanced control.
  • Leverage Kubernetes to distribute network policies automatically across nodes.
5 min read·Cilium Docs