Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

AuthN and AuthZ at Cruise - Crawl, Walk, Run

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the evolution of authentication and authorization practices at Cruise in this conference talk. Delve into the journey from basic implementations to advanced zero trust security models within Kubernetes clusters. Learn about the challenges faced, unique solutions developed, and the three-phase approach of Crawl, Walk, Run. Discover how Cruise transitioned from traditional methods to implementing SAML flows, request-driven processes, and external authorization using Open Policy Agent. Gain insights into the company's move from Nginx to Envoy, the implementation of stateless authorization, and the introduction of fine-grained access controls. Understand the importance of transparent TLS between services and the development of new user interfaces to support these security enhancements. This presentation offers valuable lessons for organizations looking to improve their AuthN and AuthZ strategies at scale.

Syllabus

Intro
Three types of callers
Crawl Walk Run
The Bad Old Days
The Crawl Phase
SAML Flow
Request Driven
Walk
Walk Stage
Run Stage
Run Phase
External Authorization
Open Policy Agent
Bundle API
What we did
Moving from Nginx to Envoy
Authentication
Stateless Authorization
Fine Grain Authorization
New UI
All services have auth
Transparent TLS between services
Join us
Questions

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of AuthN and AuthZ at Cruise - Crawl, Walk, Run

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.