2017-06-19: Orchestration Security SIG meeting

Last week we had an in-person Orchestration Security SIG meeting at the Moby Summit. Here is a quick recap of what we talked about:

  • Linkerd's lack of hitless updates between versions
  • Istio guarantees/overlap over firewalls
  • Side-car deployment model for Layer 7 proxies vs. direct application-to-application security
  • Service identities, certificate formats, SPIFFE identities
  • The need for network-based IDSs vs. system-call monitoring
  • External secrets project goals, current status, next steps
    • Gemalto HSM as a potential secret plugin.
  • Quick update on entitlements

Next Steps

  • Gemalto to join the external secrets SIG
  • New members to join the orchestration-sec channel, and start reviewing the docs
  • Clarity around the Istio plan for Swarm for all attendees
  • Next meeting scheduled for 10am PST July 5th.

Other info