YoVDO

Istio Certificate Management Through Vault

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Conference Talks Courses Kubernetes Courses VAULT (Linux Storage and Filesystems) Conference Courses Service Mesh Courses Microservices Security Courses

Course Description

Overview

Explore the design and implementation of a new Istio certificate management system using Vault in this 34-minute conference talk by Lei Tang and Yonggang Liu from Google. Dive into the Istio identity system, current certificate management architecture, and the new Vault-based system's authentication and authorization mechanisms. Follow a detailed example of a pod requesting and receiving a signed certificate from Vault. Learn about Istio's microservices management, security risks in service meshes, and context-aware access control. Witness demonstrations of authorization and authentication policies, certificate provision flow, and integration with external CAs. Gain insights into signing key injection, Citadel integration, and node agent integration, concluding with a prototype of Istio CA Vault integration.

Syllabus

Intro
Istio manages your microservices
Istio 30,000-foot view
Security risks for service meshes
Solution: Istio security Beyond Corp
Example flow of context-aware access
Demo: Istio context-aware access control • A user must be in a specific group to • The access must be protected by TS • May also control the calling path
Demo: authorization policies
Demo: authentication policy
Certificate Provision Flow
Integration with external CAs
Signing-key-injection
Citadel-integration
Nodeagent-integration
Prototype: Istio CA Vault integration


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Introduction to Cloud Infrastructure Technologies
Linux Foundation via edX
Scalable Microservices with Kubernetes
Google via Udacity
Google Cloud Fundamentals: Core Infrastructure
Google via Coursera
Introduction to Kubernetes
Linux Foundation via edX
Fundamentals of Containers, Kubernetes, and Red Hat OpenShift
Red Hat via edX