Network Isolation and Security Policies for Kubernetes Bare-metal Nodes
CNCF [Cloud Native Computing Foundation] via YouTube

Overview
Explore network isolation and security policies for Kubernetes bare-metal nodes in this 29-minute conference talk by Girish Moodalbail and Liel Shoshan. Discover how to implement strong network isolation and flexible stateful security policy enforcement for multi-tenant cloud environments using Kubernetes at scale. Learn about a high-performance implementation based on Software Defined Networking (SDN) for Kubernetes node networking, utilizing Open Virtual Network (OVN) and Open vSwitch (OVS) offloaded to "bump-in-the-wire" Smart NICs. Gain insights into topics such as logical topology, multitenancy, trusted zones, and datapath hardware offload. Understand how this approach minimizes host resource consumption while maintaining immunity to potentially malicious host root users, all while remaining compatible with high-performance Kubernetes CNI implementations.
Syllabus
Introduction
Bump in the Wire
Logical Topology
One Kubernetes
Smartening
Smartnic
Network Diagram
Multitenancy
Trusted Zones
Datapath Hardware Offload
Taught by
CNCF [Cloud Native Computing Foundation]