By Christopher LiljenstolpeMar 20, 2019Containers, Security
A proper container security strategy involves evaluating all components in the system. Thoughts from 35,000 feet Two experiences in the last 24 hours have encouraged me to write this missive. At least it seems like a good idea while sitting in a sealed Aluminium tube...
By Christopher LiljenstolpeMar 6, 2019Blog, Kubernetes, Network Policy
Usually, when you hear us going on about labels here at Tigera, we are mentioning them as targets for selectors for network policies. As a review, you might have a policy that says, “things labeled customerDB=server should allow traffic on 6443 from things labeled...
By Christopher LiljenstolpeJan 31, 2019Blog, Kubernetes, Security, Uncategorized
One of the key Kubernetes security concepts is that workload identity is tied back to information that the orchestrator has. The orchestrator is actually the authoritative entity for what the actual workloads are in the platform. Kubernetes uses labels to select...
By Christopher LiljenstolpeDec 27, 2018Kubernetes, Networking
How to connect Kubernetes pods to on-premises infrastructure Unless you’ve been living under a rock for the last few years, you probably know that Tigera’s Project Calico and Tigera’s Secure Enterprise Edition use BGP to connect the pods in your on-prem Kubernetes...
By Christopher LiljenstolpeDec 11, 2018Business Strategy, Kubernetes, Microsegmentation, Network Policy, Security, Zerotrust
Or, How to map my current operational model into the brave new Kubernetes world Recently, I was working with a large customer of ours as part of an engagement to help them work through their security posture for their Kubernetes environment(s). As with most large...
