Kubernetes Node Firewalling from the Inside Out - Jef Spaleta & Justin Garrison скачать в хорошем качестве

Kubernetes Node Firewalling from the Inside Out - Jef Spaleta & Justin Garrison

Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon North America in Salt Lake City from November 12 - 15, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at https://kubecon.io Kubernetes Node Firewalling from the Inside Out - Jef Spaleta, Isovalent & Justin Garrison, Sidero Labs The Kubernetes API manages network policies for application traffic in a declarative way. Some network interfaces—like Cilium—take this further by introducing additional policy resources that are more expressive than the default resources. Kubernetes intentionally leaves host networking policy out of the equation. As a result, admins typically fall back to familiar tools and write fragile bash scripts for Iptables and Firewalld when defining host network firewall policy, but that's not the only option. The host network in your Kubernetes node is just another network namespace, albeit a somewhat special one, and it is possible to use declarative resources to secure node host networks, but not with the default Kubernetes API resources. This talk will cover a couple of contemporary implementations that provide in-cluster host network firewalling. Both Talos, as a Kubernetes distribution, and Cilium, as an advanced CNI, offer host firewalling declared as resources inside the cluster.