Didier Di Cesare

Zero Trusting as a True Cloud Native Dev by Didier Di Cesare

Are your applications really cloud native? As a developer, you must be concerned about who can access resources in your system.

You probably think of authentication and authorization as any other logic – ifs and elses executed before performing critical operations.

Did you know that Kubernetes Role-Based Access Control and authentication can be wisely combined with other cloud native technologies to compose a platform that helps you avoid spaghetti code and implement application security best practices as a true cloud native developer, while delegating some of the burden to other layers of your system?

Attendees of this session will learn how to leverage Kubernetes to build Zero Trust authorization the cloud native way. The talk will demo use cases of tailor-made data security built on cloud native technology, including Envoy and Open Policy Agent, that reclaim security policies as a proper concern, decoupled from the application's code and managed at the same level as Deployments and Services.

Talk Questions

  • Question 733
    Would you say that Kuadrant is a competitor of Pomerium?
  • Question 728
    Is it possible to implement something like Cloudflare Access using this? So that web users can access a protected service using, for example, Google Login?
  • Question 726
    Do you think the principle of least privilege could become a bottleneck for implementing more innovative solutions, given that access is restricted to only a few people?
  • Question 731
    Doesn't the gateway then become a single point of failure if we decide to validate, authenticate and authorize the requests? Doesn't the sidecar distribute this load?
  • Question 727
    How does HTTPRoute resolve the correct namespace in backendRefs?
  • Question 730
    In the demo you showed a single gateway and a policy referencing the type Gateway. What if we created multiple gateways?
  • Question 732
    You focused a lot on Kuadrant, but since you are deploying Istio anyway, why not use the Istio native solution? Adding multiple other components seems to add some unnecessary extra points of failure. Are there actual advantages over the singular solution?
  • Question 734
    Can we connect this with an IdP?
  • Question 735
    What about workload identity and mTLS?