By Spike CurtisSep 5, 2019Calico, Security
AquaSec’s Daniel Sagi recently authored a blog post about DNS spoofing in Kubernetes. TLDR is that if you use default networking in Kubernetes you might be vulnerable to ARP spoofing which can allow pods to spoof (impersonate) the IP addresses of other pods. Since so...
By Spike CurtisAug 6, 2017Application Connectivity, Blog, Calico, Istio, Kubernetes, Network Policy
So, let’s say you have heard great things about a service mesh and are excited about the Istio open source project. Maybe you’ve even decided to move your application (or part of it) into a service mesh. We have spoken at length about the importance of Network Policy...
By Spike CurtisAug 6, 2017Application Connectivity, Blog, Calico, Istio, Kubernetes, Network Policy
Welcome to Part 2 of our series on using Network Policy in concert with Istio. In this installment, we will recommend what policy controls to put in place if you are experimenting with Istio for your applications today. 2FA for Microservices One great feature of Istio...
By Spike CurtisAug 6, 2017Application Connectivity, Calico, Istio, Kubernetes, Network Policy
This is the final installment of our series on Using Network Policy in Concert with Istio. It is also the most speculative because I’ll be discussing where we think open source projects are going to go in the future. Istio’s long term vision is to be a framework for...
