Last week we had an in-person Orchestration Security SIG meeting at the Moby summit. Here is a quick recap of what we talked about:
- Linkerd's lack of hitless updates between versions
- Istio guarantees/overlap over firewalls
- Side-car deployment model for Layer 7 proxies vs. direct application-to-application security
- Service identities, certificate formats, SPIFFE identities
- The need for network-based IDSs vs. system-call monitoring
- External secrets project goals, current status, next steps
- Gemalto HSM as a potential secret plugin
- Quick update on entitlements
Next Steps
- Gemalto to join the external secrets SIG
- New members to join the orchestration-sec channel, and start reviewing the docs
- Clarity around Istio's plan for Swarm for all attendees
- Next meeting scheduled for 10am PST July 5th
Other info
- Meeting notes: https://docs.google.com/document/d/1co6Jv9Mq8jeToK-sYNNXwUQiPWcDCvlNJ5bozAOfriE/
- #orchestration-sec on dockercommunity.slack.com