Microservices Security Pattern in Kubernetes
This blog is the fourth in our five‑part series about Kubernetes networking for Microservices March 2022:
- Program overview: Microservices March 2022: Kubernetes Networking
- Unit 1: Architecting Kubernetes Clusters for High‑Traffic Websites
- Unit 2: Exposing APIs in Kubernetes
- Unit 3: Microservices Security Pattern in Kubernetes (this post)
- Unit 4: Advanced Kubernetes Deployment Strategies
Also be sure to download our free eBook, Managing Kubernetes Traffic with NGINX: A Practical Guide, for detailed guidance on implementing Kubernetes networking with NGINX.
Mastering your north‑south traffic is just the beginning…once your services start communicating within the cluster – a.k.a. east‑west traffic – you have a whole new set of problems! Unit 3 answers the question How do I secure my APIs and apps to be production‑ready?
Three activities guide you progressively from a high‑level overview to practical application. We suggest you complete all three to get the best experience.
- Step 1: Watch the Livestream (1 Hour)
- Step 2: Deepen Your Knowledge (1–2 Hours)
- Step 3: Get Hands‑On (1 Hour)
Step 1: Watch the Livestream (1 Hour)
Each Microservices March livestream provides a high‑level overview of the topic featuring subject matter experts from learnk8s and NGINX. If you miss the live airing on March 21 – don’t worry! You can catch it on demand.
In this episode, we cover:
- The sidecar pattern
- Policies to make services more secure and resilient
- Service meshes
- Mutual TLS (mTLS)
- End-to-end encryption
Step 2: Deepen Your Knowledge (1–2 Hours)
We expect you’ll have more questions after the livestream – that’s why we curated a collection of relevant reading and videos. This Unit’s deep dive covers how to secure your Kubernetes apps and APIs.
In this 35‑minute livestream we look at security trends, transferring control over security to your Kubernetes environment, and the role of Kubernetes security in mitigating API breaches.
Organizations adopt Kubernetes for its promise of agility and cost savings. But when there are security incidents in a Kubernetes environment, most organizations pull their Kubernetes deployments out of production. In this blog we address six common use cases that you can solve with an Ingress controller or service mesh while making a big impact on the security of your apps and APIs.
Deploying Zero Trust for Kubernetes‑powered infrastructure and applications can be challenging. This blog contains a set of guidelines for building a Zero Trust Architecture in Kubernetes.
At this point you’re probably also wondering about service meshes and whether they’re something your organization needs.
Watch this on‑demand webinar for a discussion covering service mesh readiness, the importance of the data plane, and a demo of NGINX Service Mesh.
Bonus Research
If you’re keen to deepen your knowledge on security and service mesh – and have more than 1–2 hours to spend – then we suggest three additional resources to get you started.
While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking – until now. This guide discusses both offensive and defensive security concepts that software engineers can easily learn and apply.
This practical eBook explains how a service mesh provides a configurable infrastructure layer that makes service-to-service communication flexible, reliable, and fast.
Explore the benefits of duplicating application services inside Kubernetes and look at some well‑established practices for deploying services such as WAF for applications that are running in Kubernetes. We cover trade‑offs between different options and the criteria that matter most to help you make the best decisions.
Step 3: Get Hands On (1 Hour)
Even with all the best webinars and research, there’s nothing quite like getting your hands on the tech. The labs run you through common scenarios to reinforce your learning.
In our third self‑paced lab, Protect Kubernetes Apps from SQL Injection, you use NGINX as a sidecar to secure a pod and intercept unwanted east‑west traffic.
To access the lab, you need to register for Microservices March 2022. If you’re already registered, the email you received with the Unit 3 Learning Guide includes access instructions. Alternatively, you can try out the lab in your own environment, using NGINX Tutorial: Protect Kubernetes Apps from SQL Injection as a guide.
Why Register for Microservices March?
While some of the activities (the livestreams and blogs) are freely available, we need to collect just a little personal information to get you set up with the full experience. Registration gives you:
- Access to four self‑paced labs where you can get hands‑on with the tech via common scenarios
- Membership in the Microservices March Slack channel for asking questions of the experts and networking with fellow participants
- Weekly learning guides to help you stay on top of the agenda
- Calendar invites for the livestreams
What’s Next?
Unit 4: Advanced Kubernetes Deployment Strategies begins on March 28. Learn about zero‑downtime deployments using tactics such as traffic splitting, blue‑green deployments, tracing, and mapping traffic flow in real time.
For detailed guidance on implementing Kubernetes networking with NGINX, download our eBook, Managing Kubernetes Traffic with NGINX: A Practical Guide.
"This blog post may reference products that are no longer available and/or no longer supported. For the most current information about available F5 NGINX products and solutions, explore our NGINX product family. NGINX is now part of F5. All previous NGINX.com links will redirect to similar NGINX content on F5.com."