The presentation discusses the installation and use of Emissary, a service mesh for Kubernetes, and its ability to achieve zero trust networking.
- Emissary is a service mesh for Kubernetes that can achieve zero trust networking
- Emissary uses envoy for data wrangling and can consume ebpf modules for networking efficiency
- Emissary can generate unique certificates for each connection and recommends using cert manager for certificate rotation
- Emissary 2.11 introduced the ability to use policy for zero trust networking and 2.12 will have a more granular and easier to use policy system
- Installation of Emissary involves adding the helm repo, installing the Emissary CRDs, and using helm to install Emissary into a namespace
During the presentation, the speaker highlighted the importance of installing the Emissary CRDs for a new installation or upgrade to ensure the latest and greatest definition of the custom resources used to configure Emissary. They also emphasized the need to wait for Emissary to be running before proceeding with installation. The speaker also mentioned the importance of using cert manager to rotate the intermediary certificate that Emissary uses to issue workload certificates.
In this workshop, members of the Emissary-Ingress and Linkerd teams show the painless way to get four CNCF projects (Emissary, Linkerd, Kubernetes, and Envoy) running smoothly together to provide end-to-end encryption for application calls. They'll guide you through the best practices for using Linkerd and Emissary to give you capabilities like advanced L7 routing, in-cluster mTLS, embedded authentication, rate limiting, and much more. They’ll take you on a tour of each project and show you how they complement each other and make a great addition to your Kubernetes stack. Finally, they'll introduce a reference architecture for running Linkerd and Emissary together and walk you through how to implement it in practice.Click here to view captioning/translation in the MeetingPlay platform!