CNCF [Cloud Native Computing Foundation]

Network Isolation and Security Policies for Kubernetes Bare-metal Nodes

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore network isolation and security policies for Kubernetes bare-metal nodes in this 29-minute conference talk by Girish Moodalbail and Liel Shoshan. Discover how to implement strong network isolation and flexible stateful security policy enforcement for multi-tenant cloud environments using Kubernetes at scale. Learn about a high-performance implementation based on Software Defined Networking (SDN) for Kubernetes node networking, utilizing Open Virtual Network (OVN) and Open vSwitch (OVS) offloaded to "bump-in-the-wire" Smart NICs. Gain insights into topics such as logical topology, multitenancy, trusted zones, and datapath hardware offload. Understand how this approach minimizes host resource consumption while maintaining immunity to potentially malicious host root users, all while remaining compatible with high-performance Kubernetes CNI implementations.

Syllabus

Introduction
Bump in the Wire
Logical Topology
One Kubernetes
Smartening
Smart NIC
Network Diagram
Multitenancy
Trusted Zones
Datapath Hardware Offload

Taught by

CNCF [Cloud Native Computing Foundation]
