Securing Kubernetes Networking with a Consul Service Mesh and Envoy
May 26, 2020
Learn how to set up secure service communication inside and outside Kubernetes clusters using HashiCorp Consul and Envoy proxy.
- Tim Arenz, Sr. Solutions Engineer, HashiCorp
- Christoph Puhl, Consul Technology Specialist | Field Technology Office, HashiCorp
Many organizations are discovering the networking complexity involved in running a microservice system. Over the last few years, many influential companies have investigated this problem, and the technology that has emerged is now referred to as a "service mesh." A service mesh allows you to replace traditional host-based network security with service-based security to accommodate the highly dynamic nature of modern runtime environments.
In this talk, HashiCorp technology specialists Christoph Puhl and Tim Arenz will show how an open source Consul-based service mesh and Envoy proxy can be used to solve both network segmentation and seamless transport security with mutual TLS within your Kubernetes cluster. In addition to this, you will see how Consul can provide encrypted and authorized access to services and data stores which are running outside the cluster and potentially in a separate and isolated network.
What You'll Learn
- Introduction to modern network security and service meshes
- Introduction to Consul
- Running a Consul service mesh and Envoy on Kubernetes
- Secure Pod to Pod communication using a Consul service mesh
- Securely integrating external applications such as data stores and legacy applications with Kubernetes
0:00 — The road to service mesh
13:30 — Introduction to service mesh in Consul
31:00 — Securing intra-Kubernetes comms with a Consul service mesh and Envoy, and integrating external apps outside Kubernetes
47:51 — Q&A