AuthN and AuthZ at Cruise - Crawl, Walk, Run
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the evolution of authentication and authorization practices at Cruise in this conference talk. Delve into the journey from basic implementations to advanced zero trust security models within Kubernetes clusters. Learn about the challenges faced, unique solutions developed, and the three-phase approach of Crawl, Walk, Run. Discover how Cruise transitioned from traditional methods to implementing SAML flows, request-driven processes, and external authorization using Open Policy Agent. Gain insights into the company's move from Nginx to Envoy, the implementation of stateless authorization, and the introduction of fine-grained access controls. Understand the importance of transparent TLS between services and the development of new user interfaces to support these security enhancements. This presentation offers valuable lessons for organizations looking to improve their AuthN and AuthZ strategies at scale.
Syllabus
Intro
Three types of callers
Crawl Walk Run
The Bad Old Days
The Crawl Phase
SAML Flow
Request Driven
Walk
Walk Stage
Run Stage
Run Phase
External Authorization
Open Policy Agent
Bundle API
What we did
Moving from Nginx to Envoy
Authentication
Stateless Authorization
Fine Grain Authorization
New UI
All services have auth
Transparent TLS between services
Join us
Questions
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Kubernetes: MicroservicesLinkedIn Learning Kubernetes: Microservices
LinkedIn Learning Sidecar Proxy Pros and Cons - Explained by Example
Hussein Nasser via YouTube What Is Service Mesh and How to Get Started With It - Mirantis Labs Tech Talks
Mirantis via YouTube Understanding Microservices with Distributed Tracing
Strange Loop Conference via YouTube