Build Systems that Drive Business
30–31 Oct 2018: Training
31 Oct–2 Nov 2018: Tutorials & Conference
London, UK

From kubelet to Istio: Kubernetes network security demystified

Andrew Martin (ControlPlane)
14:1014:50 Friday, 2 November 2018
Location: King's Suite - Balmoral
Secondary topics:  Resilient, Performant & Secure Distributed Systems
Average rating: ***..
(3.17, 6 ratings)

Prerequisite knowledge

  • A basic understanding of Kubernetes (useful but not required)

What you'll learn

  • Explore the principles and technologies behind encryption, identity, and trust in Kubernetes


Kubernetes provides multiple layers of network security including the control plane, etcd, the CNI network, network policies, and—with Istio on top—the requests between applications themselves. Andrew Martin explores the underlying technologies on which these layers are built and discusses the principles behind encryption, identity, and trust in Kubernetes.

Topics include:

  • TLS, X.509, and mutual authentication
  • Why cloud-native communication should be encrypted by default
  • Kubernetes component intercommunication
  • CNI and network policy for applications
  • Bootstrapping identity with SPIFFE
  • Mutual TLS, route rules, and destination policies in Istio
Photo of Andrew Martin

Andrew Martin


Andrew Martin is a cofounder at ControlPlane. Andrew has a strong test-first engineering background gained architecting and deploying high-traffic web applications. He is proficient in systems development, testing, and maintenance; is comfortable profiling and securing every tier of a bare-metal or virtualized application; and has battle-hardened experience delivering containerized solutions to enterprise clients.