Best Practices for Calico Security Policy Implementation in Kubernetes

Explore best practices for implementing Calico security policies in Kubernetes environments in this 47-minute conference talk. Learn about the Kubernetes networking model, security challenges, and workload identity. Discover Calico security policy features, anatomy, and behavior. Gain insights into effective implementation strategies and examine various security policy patterns, including denylists, kube-dns, and tenant restrictions. Understand how to enforce default-deny policies for tenants and implement security policy governance. Explore Calico documentation and learn about Calico Enterprise and Calico Cloud offerings to enhance your Kubernetes security posture.

Intro
Kubernetes Networking Model
Security Challenges with Kubernetes
Workload Identity, Networking and Security
Security Policy Characteristics
Calico Security Policy Features
Anatomy of a Calico Security Policy
Security Policy Behavior
Best Practices for Security Policy Implementation
Example Security Policy Patterns
Security Policy - denylist
Security Policy - kube-dns
Security Policy - tenant-1-restrict
Security Policy - checkoutservice
Security Policy - yaobank
Security Policy - bookinfo
Enforce Default-Deny for Tenants
Security Policy Governance
Calico Documentation
Calico Enterprise and Calico Cloud