Modern microservices architectures divvy up application functions into individual services and expose them via APIs using protocols such as HTTP/REST, gRPC, or Kafka. The rise of container-based orchestration platforms, such as Kubernetes, is creating demand for routing, load balancing, and security infrastructure that is highly scalable, application aware, and resilient. At the same time, BPF (the Berkeley Packet Filter) is becoming the fastest growing technology in the Linux kernel and is revolutionizing networking, security and tracing.
What was done for security before microservices is no longer sufficient. The perimeter firewall is dead, and there’s a new norm for the modern world: security needs to be distributed and must enforce least privilege on pod-to-pod traffic in the container world.
While navigating from an architectural design to the lab and eventually production, it is important to understand the pain points and gaps of traditional firewall methods when exposing services via APIs in microservices architectures. Cynthia Thomas outlines traditional firewall methods and details the evolution of the distributed security model to enforce least privilege for microservices.
Cynthia Thomas is a Networking Specialist at Google Cloud. She has spent 10+ years in the networking industry, most recently with open source cloud and networking solutions. Cynthia has been an advocate of open source technologies while working on cloud-related technologies for the last 5 years. She is a frequent speaker at conferences, including DevOpsDays, DockerCon, Kubernetes meetups, and OpenStack events.
©2018, O'Reilly Media, Inc.