Locking Down Kubernetes: CERN’s Guide to Network Policies, OPA & Vault

Échec de l'ajout au panier.

Veuillez réessayer plus tard

Échec de l'ajout à la liste d'envies.

Veuillez réessayer plus tard

Échec de la suppression de la liste d’envies.

Veuillez réessayer plus tard

Échec du suivi du balado

Ne plus suivre le balado a échoué

Locking Down Kubernetes: CERN’s Guide to Network Policies, OPA & Vault

Écouter gratuitement

Voir les détails du balado

À propos de cet audio

Discover how CERN secures the vital Kubernetes cluster powering its massive CMS particle physics experiment using key cloud-native tools. This episode explores their real-world implementation of Network Policies via Calico for fine-grained internal firewalling between microservices. We delve into their use of Open Policy Agent (OPA) Gatekeeper to enforce custom rules on resource creation, ensuring compliance *before* deployment. Understand their shift to HashiCorp Vault for robust, centralized, and encrypted secrets management, moving beyond basic K8s secrets. Learn how these technologies form a layered defense strategy against modern threats. We also cover practical details like specific OPA policies and the seamless Vault Agent Injector pattern. Read the original paper: http://arxiv.org/abs/2405.15342v1 Music: 'The Insider - A Difficult Subject'

Pas encore de commentaire