Enterprise security kubernetes
- 1. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Enterprise security in the era of containers and Kubernetes • Karthikeyan VK • Twitter: @Karthik3030 • Blogs.karthikeyanvk.in
- 2. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is a Container? Windows Containers provide operating system virtualization that allows multiple isolated applications to be run on a single system.
- 3. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Difference between Containers and VMs
- 4. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Difference between Containers and VMs
- 6. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Why Containers? • Transforming existing applications into cloud Is Hard! • Building Hybrid Cloud applications Is Hard! • Think about building solutions that should be deployed in Azure, AWS & GCP at the same time
- 7. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Docker ? • Docker is an open platform for developing, shipping, and running applications
- 9. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Kubernetes ? • Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. • Orchestrator for Containers
- 10. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Kubectl ? • Kubectl is a command line interface for running commands against Kubernetes clusters.
- 11. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Pod? • A Kubernetes pod is a group of containers that are deployed together on the same host.
- 12. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Kubernetes Service? • A Kubernetes Service is an abstraction which defines a logical set of Pods and a policy by which to access them
- 13. Twitter: @Karthik3030 Blogs.karthikeyanvk.in What is Kubernetes Replica Sets? • Replica Set ensures how many replica of pod should be running. It can be considered as a replacement of replication controller.
- 15. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Why Enterprise Level Security
- 16. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Enterprise Level Security Features in AKS • Private Load Balancer • Virtual Network • L4 & L7 Capabilities • Control Egress Traffic • Control Ingress Traffic • East-West Traffic Policies • Whitelisting IP Addresses
- 17. Twitter: @Karthik3030 Blogs.karthikeyanvk.in L4 & L7 Security
- 18. Twitter: @Karthik3030 Blogs.karthikeyanvk.in L4 & L7 Security • L4 denotes TCP/UDP layer, where the network is flooded with packets of unnecessary data to enable Denial of Service Attack • L7 Denotes Application layer, where the API call is bombarded with unnecessary GET, POST. • Can be mitigated using application gateway or web application firewall of azure.
- 19. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Ingress Traffic • Traffic originating from external network • Limit the traffic with ingress policies • Controlled by setting which domain or which ip is allowed inside the network
- 21. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Egress Traffic • Traffic originating from internal network to Internet • Limit the traffic with 3rd party firewall
- 22. Twitter: @Karthik3030 Blogs.karthikeyanvk.in East-west Traffic • Traffic between containers • Think of one pod or container has been exploited. • East-West traffic control is very important.
- 23. Twitter: @Karthik3030 Blogs.karthikeyanvk.in Whitelisting IP Addresses • Control who should access • Http routing is disabled by default • Helps in avoiding unnecessary access and port scanning
Editor's Notes
- #2: https://www.facebook.com/aspiringDotnetArchitects
- #5: Containers : Containers include the application and all of its dependencies– but share the kernel with other containers, running as isolated processes in user space on the host operating system. Containers are not tied to any specific infrastructure: they run on any computer, on any infrastructure and in any cloud. Virtual Machines : Virtual Machines include the application, the necessary binaries and libraries, and an entire operating system.