
A Use Case to Secure Kubernetes Network Connections

In this edition of The New Stack Makers podcast recorded live at Palo Alto Networks' studio in Santa Clara, CA, HashiCorp's Nicole Hubbard shows how Consul Connect with Envoy can help to securely maintain data communication between different Kubernetes and microservices environments.
Mar 9th, 2020 5:00pm by

One of the stumbling blocks organizations typically experience when making the shift to a Kubernetes and microservices infrastructure is sharing and securing data dynamically.

In a traditional monolithic infrastructure, a single firewall largely sufficed to confine and monitor data and to manage the security layers within a single perimeter. However, applications and data shared between and within Kubernetes clusters typically span different cloud and on-premises environments.

As Nicole Hubbard, a developer advocate for HashiCorp, observed, customers constantly face difficulties when trying to secure the communication between their services running inside of a Kubernetes cluster. The dilemma often involves figuring out how to lock down communications between applications inside and outside clusters, or between apps in different clusters, Hubbard said.





“If you look at the different ways you can run applications, you can run them everywhere between mainframes, your own hardware in your own data centers, virtual machines or even as far as containers and functions that are serverless. But the one thing that’s common between all of these is the network. You have to secure the communication between all the different services, no matter where they’re running,” Hubbard said. “But as you grow and you start to break these out into microservices, you run into the problem of how does ‘a’ talk to ‘b’ and how do I find where ‘b’ is.”

Hubbard described how some bank partners can have as many as 4,000 services “that won’t scale with VLANs or firewall rules, without an extremely high operational overhead.”

Within a service mesh, there is a control plane and a data plane, and “the control plane for us is Consul,” Hubbard said. “And what Consul is responsible for is defining the roles, defining and tracking what services are available as well as provisioning that information to the data plane so that the data plane knows how to move traffic around,” Hubbard said. “The data plane is basically a pluggable proxy that receives this information from the control plane and uses it to route data correctly to the correct place.”

