Locking Down Kubernetes: CERN’s Guide to Network Policies, OPA & Vault cover art

Locking Down Kubernetes: CERN’s Guide to Network Policies, OPA & Vault

Locking Down Kubernetes: CERN’s Guide to Network Policies, OPA & Vault

Listen for free

View show details

About this listen

 Discover how CERN secures the vital Kubernetes cluster powering its massive CMS particle physics experiment using key cloud-native tools. This episode explores their real-world implementation of Network Policies via Calico for fine-grained internal firewalling between microservices. We delve into their use of Open Policy Agent (OPA) Gatekeeper to enforce custom rules on resource creation, ensuring compliance *before* deployment. Understand their shift to HashiCorp Vault for robust, centralized, and encrypted secrets management, moving beyond basic K8s secrets. Learn how these technologies form a layered defense strategy against modern threats. We also cover practical details like specific OPA policies and the seamless Vault Agent Injector pattern. Read the original paper: http://arxiv.org/abs/2405.15342v1 Music: 'The Insider - A Difficult Subject'
No reviews yet
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.