AuthN and AuthZ at Cruise - Crawl, Walk, Run

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Conference Talks Courses, Kubernetes Courses, Authorization Courses, SAML Courses, Zero Trust Security Courses, Envoy Courses, Open Policy Agent Courses

Course Description

Overview

Explore the evolution of authentication and authorization practices at Cruise in this conference talk. Delve into the journey from basic implementations to advanced zero trust security models within Kubernetes clusters. Learn about the challenges faced, unique solutions developed, and the three-phase approach of Crawl, Walk, Run. Discover how Cruise transitioned from traditional methods to implementing SAML flows, request-driven processes, and external authorization using Open Policy Agent. Gain insights into the company's move from Nginx to Envoy, the implementation of stateless authorization, and the introduction of fine-grained access controls. Understand the importance of transparent TLS between services and the development of new user interfaces to support these security enhancements. This presentation offers valuable lessons for organizations looking to improve their AuthN and AuthZ strategies at scale.

Syllabus

Intro
Three types of callers
Crawl Walk Run
The Bad Old Days
The Crawl Phase
SAML Flow
Request Driven
Walk
Walk Stage
Run Stage
Run Phase
External Authorization
Open Policy Agent
Bundle API
What we did
Moving from Nginx to Envoy
Authentication
Stateless Authorization
Fine Grain Authorization
New UI
All services have auth
Transparent TLS between services
Join us
Questions


Taught by

CNCF [Cloud Native Computing Foundation]
