
Hands-on Workshop: Network Policies - The Not-So-Hard Way

2022-10-25

Authors:   Tracy P Holmes, Raymond de Jong


Summary

The presentation discusses how to enforce network policies using Cilium and Kubernetes to ensure least privilege security between microservices.
  • Cilium and Kubernetes can be used to enforce network policies for microservices
  • Least privilege security can be achieved by filtering HTTP requests and restricting API access
  • L7 security policies can restrict access to required API resources
  • The Cilium website provides resources and a helpful Slack community for beginners and contributors
The presenter emphasizes the importance of enforcing network policies to prevent unauthorized access and potential security breaches. They use the example of the Death Star's sensitive maintenance APIs, which should only be accessed by authorized personnel. By filtering HTTP requests and restricting API access, least privilege security can be achieved between microservices. The presenter also highlights the usefulness of Cilium's network policy editor, which provides a visual and interactive representation of policies. The presenter encourages attendees to join the Cilium Slack community for support and resources.
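
The L7 restriction described above can be written as a single CiliumNetworkPolicy. This is an added example, not taken from the workshop materials; the policy name, the `org` and `class` labels, port 80 and the `/v1/request-landing` path are assumptions chosen for illustration.

```yaml
# Added example (not from the workshop). Labels, port and path are assumed.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: deathstar-l7-least-privilege   # hypothetical name
spec:
  description: "Allow empire workloads to call only the landing API"
  # Pods this policy protects. Once a pod is selected by a policy with
  # ingress rules, ingress that no rule allows is dropped (default deny).
  endpointSelector:
    matchLabels:
      org: empire
      class: deathstar
  ingress:
    # Identity-based L3 match: the peer is chosen by label, not by IP.
    - fromEndpoints:
        - matchLabels:
            org: empire
      toPorts:
        # L4 match: only TCP/80 is reachable from the peers above.
        - ports:
            - port: "80"
              protocol: TCP
          # L7 match: without this "rules" block the policy stops at L3/L4
          # and every HTTP method and path on port 80 stays reachable,
          # including maintenance endpoints. With it, only the listed
          # method and path are forwarded; other requests are rejected.
          rules:
            http:
              - method: "POST"
                path: "/v1/request-landing"
```

Traffic allowed or denied by a policy like this can then be checked in Hubble's flow view, as the abstract describes.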

Abstract

Many people avoid networking wherever possible because they think it is too complex and don’t even get them started on policy. In this session, we will help overcome these fears for both app developers and operations teams with network policies the not so hard way. In four easy steps we will:
  • Introduce the fundamentals of Cilium Network Policies and the basics of application-aware and Identity-based Security
  • Discuss the default-allow and default-deny approaches and visualize the corresponding ingress and egress connections
  • Use the Network Policy Editor to show how a Cilium Network Policy looks and what they do on a given Kubernetes cluster
  • Walk through examples and demonstrate how application traffic can be observed with Hubble
The audience will walk away with the ability to create network policies for their workloads so they can stop worrying and love the secure connections, and show how you can use the Network Policy Editor to apply new Cilium Network Policies for your workloads.

Materials: