Istio and Cilium: Pushing the Boundaries of the Possible on Zero-Trust - Lin Sun, Solo.io

Istio and Cilium: Pushing the Boundaries of the Possible on Zero-Trust - Lin Sun, Solo.io

Do you get your best work done without noises or interruptions? I bet you do! Kubernetes services are no different. Istio ambient mesh provides secure by default, defense in depth and zero-trust network where waypoint proxies or zero trust tunnels work as policy enforcement points(PEPs) to secure communications between source and destination applications without sidecars. These PEPs work best when noises and malicious attacks are blocked at the lower layer of the networking stack. For example, an attacker could send well-crafted yet malicious requests that pass the PEP checks as it explores an existing or new CVE before the PEP is patched with the fix. We will present an innovative solution with live demos to easily enable DND mode for your service at L3 with Cilium network policies and L4 and L7 with Istio security policies so that your services can get the best work done with peace and quiet.