Explore the evolution of Cilium's WireGuard encryption from eventual to strict mode in this 22-minute conference talk. Delve into the challenges of securing Pod-to-Pod traffic within Kubernetes clusters and learn how Cilium's routing and encryption decisions are based on endpoint identities distributed via Kubernetes CRDs. Discover the potential security risks of unencrypted traffic during identity propagation and understand the development and implementation of the new WireGuard strict mode. Gain insights into how this enhancement mitigates vulnerabilities and strengthens the overall security posture of Kubernetes networking.
From Eventual to Strict Encryption - Securing Cilium's WireGuard Encryption
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
From Eventual to Strict Encryption – Securing Cilium’s WireGuard Encryption - Leonard Cohnen
Taught by
CNCF [Cloud Native Computing Foundation]