By default, pods are non-isolated; they accept traffic from any source. The Google GKE solution to this security concern is Network Security Policy that lets developers control network access to their services. Google GKE comes configured with Network Security Policy using Project Calico which can be used to secure your clusters. This class will describe a few use cases for network security policy and a live demo implementing each use case.

Calico is the only cross-platform CNI and Network Policy engine available today and is currently powers more than 150,000 known clusters across millions of nodes worldwide. Many organizations have .NET and windows workloads that they are or will eventually modernize and deploy to Kubernetes. We have been collaborating with Microsoft and joint customers over the past few years to bring Calico to the Windows platform.

By default, pods are not isolated. This means that malicious actors once inside may wander freely throughout your kubernetes cluster. During this session we’ll discuss the different attack vectors and how to mitigate. Intro to attacking kubernetes and applications Network policies, isolation and quarantining IDS and honeypots concepts

Learn how to empower your team with safe self-service network security for Kubernetes with Calico Enterprise. What are Calico Enterprise Network Policy Tiers How to use tiers to enable safe self service policy management What are Calico Enterprise Policy impact preview and staged network policies How to enable operations and developers to safely manage Kubernetes network policy How to build a workflow using these tools to safely deliver approved changes to your clusters

In this session, we will go over the core concepts in k8s network policies and calico network policies. Compare and contrast between the two models, and highlight when to use one versus the other.

Red Hat OpenShift is a great platform for hosting microservices, enabling developers to get up and running quickly. However, taking the next step from development to production imposes additional networking, security, and compliance requirements that must be addressed before Kubernetes apps can be widely deployed. Traditional networking tools, which were designed for relatively static IP environments, don’t have the context necessary to identify Kubernetes traffic flows, making it nearly impossible to effectively diagnose, troubleshoot, and resolve application connectivity issues.

In this session we’ll review networking options compatible with Calico for AKS cluster and will build a few AKS clusters using Azure CLI and ARM template.

Many development teams select Amazon EKS as the best platform to run their microservices. Adopting Amazon EKS is easy, but running applications in production requires additional capabilities to meet compliance requirements, detect potential security incidents, and troubleshoot networking problems that can often occur.

Learn how to empower your team with safe self-service network security for Kubernetes with Calico Enterprise.

In this session, we will go over the design considerations and available options to run Calico on EKS.