Explore the security implications of per-host service mesh versus sidecar model in this 18-minute conference talk by Chad Crowell at CNCF. Discover why eliminating sidecar proxies in favor of per-host proxies can be detrimental to service mesh security. Learn about the advantages of sidecar proxies, including their role in providing reliable and scalable services with necessary security constraints. Examine the footprint of proxies at low traffic levels, existing Kubernetes mechanisms, blast radius considerations, and the importance of controlled security boundaries. Understand the complexities and unpredictability introduced by per-host proxies, including increased attack vectors and a more complex security landscape.
The Negatives of Per-Host Service Mesh - Sidecar Model as an Ideal Solution for Robust Security
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
The Negatives to a Per-Host Service Mesh, the Sidecar Model Being a More Ideal Solut... Chad Crowell
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
The Future of Service Mesh - Sidecar vs Sidecarless
-
Future of Service Mesh - Sidecar, Sidecarless, or Proxyless Architectures
-
Comparison of Current Service Mesh Architectures
-
Life Without Sidecars - Is eBPF's Promise Too Good to Be True?
-
Comparing Sidecar-Less Service Mesh from Cilium and Istio
-
Service Mesh - Best Practices and Pitfalls
