Istio Certificate Management Through Vault

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the design and implementation of a new Istio certificate management system using Vault in this 34-minute conference talk by Lei Tang and Yonggang Liu from Google. Dive into the Istio identity system, current certificate management architecture, and the new Vault-based system's authentication and authorization mechanisms. Follow a detailed example of a pod requesting and receiving a signed certificate from Vault. Learn about Istio's microservices management, security risks in service meshes, and context-aware access control. Witness demonstrations of authorization and authentication policies, certificate provision flow, and integration with external CAs. Gain insights into signing key injection, Citadel integration, and node agent integration, concluding with a prototype of Istio CA Vault integration.

Syllabus

Intro
Istio manages your microservices
Istio 30,000-foot view
Security risks for service meshes
Solution: Istio security BeyondCorp
Example flow of context-aware access
Demo: Istio context-aware access control • A user must be in a specific group to • The access must be protected by TLS • May also control the calling path
Demo: authorization policies
Demo: authentication policy
Certificate Provision Flow
Integration with external CAs
Signing-key-injection
Citadel-integration
Nodeagent-integration
Prototype: Istio CA Vault integration

Taught by

CNCF [Cloud Native Computing Foundation]
