The Project Calico development team was out in force at CoreOS Fest meeting a ton of great people and listening to some very interesting talks. In case you missed it, I gave a talk called “Securing Micro-services with a Distributed Firewall,” which includes a demo of Kubernetes with Calico providing per-pod network security. Take a look at the embedded video for the entire talk (part of a YouTube playlist of all the CoreOS Fest talks, which I highly recommend)!
I explain how n-tier (e.g. presentation, application, and data) network security architectures fail to meet the demands of micro-service architectures.
We can foresee a better future where instead of dividing an application into arbitrary tiers and securing the border of those tiers, we can directly secure each instance of each micro-service. Project Calico delivers that per-workload network isolation by distributing the network firewall to every host in your data center, automatically handling updates to network topology (e.g. from autoscaling).
Get updates on blog posts, new releases and more!