Secure Control of Egress Traffic in Istio, part 3

Secure Control of Egress Traffic in Istio, part 3

  • August 4, 2019
Table of Contents

Secure Control of Egress Traffic in Istio, part 3

Welcome to part 3 in our series about secure control of egress traffic in Istio. In the first part in the series, I presented the attacks involving egress traffic and the requirements we collected for a secure control system for egress traffic. In the second part in the series, I presented the Istio way of securing egress traffic and showed how you can prevent the attacks using Istio.

In this installment, I compare secure control of egress traffic in Istio with alternative solutions such as using Kubernetes network policies and legacy egress proxies and firewalls. Finally, I describe the performance considerations regarding the secure control of egress traffic in Istio. First, let’s remember the requirements for egress traffic control we previously collected: Support of TLS with SNI or of TLS origination.

Monitor SNI and the source workload of every egress access. Define and enforce policies per cluster. Define and enforce policies per source, Kubernetes-aware.

Prevent tampering. Traffic control is transparent to the applications.

Source: istio.io

Tags :
Share :
comments powered by Disqus

Related Posts

Architecting Istio 1.1 for Performance

Architecting Istio 1.1 for Performance

Hyper-scale, microservice-based cloud environments have been exciting to build but challenging to manage. Along came Kubernetes (container orchestration) in 2014, followed by Istio (container service management) in 2017. Both open-source projects enable developers to scale container-based applications without spending too much time on administration tasks.

Read More