Securing Kubernetes Workloads with Istio Service Mesh - DevSecOps 2023

Explore Kubernetes workload security using Istio Service Mesh in this 42-minute conference talk from Conf42 DevSecOps 2023. Delve into service mesh concepts, Istio features, and key terminology before examining the architecture and security aspects of Istio. Learn about service identities, certificate conversion, and identity provisioning workflows. Understand authentication processes, including peer authentication, and see practical demonstrations of ingress gateway implementation. Investigate authorization flows and witness hands-on demos showcasing Istio's security capabilities. Gain valuable insights into enhancing Kubernetes security through service mesh technology.

intro
preamble
talk outline
what is a service mesh
istio features
important terminology
before istio
pod with sidecar
sidecar proxy
how is the sidecar injected
with istio - sidecar intercepts all traffic
istio architecture
service mesh security
service identities - the starting point
conversion of identity into a certificate
identity provisioning workflow
authentication
auth flow
peer authentication
demo
ingress gateway
demo
authorization
auth flow
demo
questions?