apidays LIVE Paris 2021 - How to Achieve Zero-Trust Security With Kuma Service Mesh by Marco Palladino, KONG
0 likes•34 views
The document highlights the capabilities of Kuma, a zero-trust service mesh provided by the cloud connectivity company, facilitating secure and scalable connectivity across various platforms and clouds. It mentions extensive adoption, with over 900 organizations deploying Kuma in the past year, and emphasizes its built-in security features and observability options. The company also promotes its conferences and speaking opportunities related to cloud connectivity innovations.
![THE CLOUD
CONNECTIVITY COMPANY
IN KONG MESH
type: OPAPolicy
mesh: default
name: opa-1
selectors:
- match:
kuma.io/service: backend
conf:
policy:
inlineString: |
package envoy.authz
import input.attributes.request.http as http_request
default allow = false
token = {"valid": valid, "payload": payload} {
[_, encoded] := split(http_request.headers.authorization, " ")
[valid, _, payload] := io.jwt.decode_verify(encoded, {"secret":
"secret"})
}
allow {
is_token_valid
action_allowed
}](https://image.slidesharecdn.com/apidayszerotrustmarcopalladino-211220104918/95/apidays-LIVE-Paris-2021-How-to-Achieve-Zero-Trust-Security-With-Kuma-Service-Mesh-by-Marco-Palladino-KONG-25-638.jpg)
apidays LIVE Paris 2021 - How to Achieve Zero-Trust Security With Kuma Service Mesh by Marco Palladino, KONG
- 1. THE CLOUD CONNECTIVITY COMPANY THE CLOUD CONNECTIVITY COMPANY With Kuma THE CLOUD CONNECTIVITY COMPANY 1 https://konghq.com https://kuma.io Zero-Trust
- 2. THE CLOUD CONNECTIVITY COMPANY P A L L A D I N O Marco CO-FOUNDER & CTO AT KONG
- 3. THE CLOUD CONNECTIVITY COMPANY Connectivity Powers Innovation CONNECTIVITY NUMBER OF SERVICES
- 4. THE CLOUD CONNECTIVITY COMPANY Trust is exploitable 4
- 5. New York JULY Australia SEPTEMBER Singapore APRIL Helsinki & North MARCH Paris DECEMBER London OCTOBER Jakarta FEBRUARY Hong Kong AUGUST JUNE India MAY Check out our API Conferences here 50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees, 300k+ online community Want to talk at one of our conferences? Apply to speak here
- 6. THE CLOUD CONNECTIVITY COMPANY Trust is exploitable 5 X
- 9. THE CLOUD CONNECTIVITY COMPANY ZERO-TRUST SECURITY We need virtual passports for our services. 8
- 17. THE CLOUD CONNECTIVITY COMPANY 1. Kubernetes, VMs, Multi-Cloud 2. Single and Multi-Zone 3. Multi-Mesh, Native Policies, Easy to Use 900+ Organizations Have deployed Kuma as a Service Mesh in the past 12 months C O N T R O L P L A N E SERVICE S E R V I C E Sandbox Project
- 18. THE CLOUD CONNECTIVITY COMPANY Multi-Mesh And Easy To Use & Scale Universal (K8s + VMs), Attribute-Based Policies & More Built-in Multi Zone Connectivity Intelligently route traffic across any platform and any cloud to meet expectations and SLAs Restrict access and encrypt all traffic by default to only complete transactions when identity is verified Out of the box connectivity across multi-cluster, multi-cloud and multi-platform deployments across the world.
- 20. THE CLOUD CONNECTIVITY COMPANY Kubernetes Native (CRDs) Universal CLI HTTP API Built-in GUI EASY TO USE
- 21. THE CLOUD CONNECTIVITY COMPANY Security Traffic Control Observability Advanced Policies POLICY BASED
- 22. THE CLOUD CONNECTIVITY COMPANY 70+ Observability Charts Native API Gateway Integration One-Click Zero Trust BATTERIES INCLUDED
- 23. THE CLOUD CONNECTIVITY COMPANY ZERO TRUST WITH KUMA apiVersion: kuma.io/v1alpha1 kind: Mesh metadata: name: default spec: mtls: enabledBackend: ca-1 backends: - name: ca-1 type: builtin dpCert: rotation: expiration: 1d conf: caCert: RSAbits: 2048 expiration: 10y
- 24. THE CLOUD CONNECTIVITY COMPANY ZERO TRUST WITH KUMA apiVersion: kuma.io/v1alpha1 kind: TrafficPermission mesh: default metadata: name: allow-all-traffic spec: sources: - match: kuma.io/service: '*' destinations: - match: kuma.io/service: '*'
- 25. THE CLOUD CONNECTIVITY COMPANY IN KONG MESH type: OPAPolicy mesh: default name: opa-1 selectors: - match: kuma.io/service: backend conf: policy: inlineString: | package envoy.authz import input.attributes.request.http as http_request default allow = false token = {"valid": valid, "payload": payload} { [_, encoded] := split(http_request.headers.authorization, " ") [valid, _, payload] := io.jwt.decode_verify(encoded, {"secret": "secret"}) } allow { is_token_valid action_allowed }
- 27. THE CLOUD CONNECTIVITY COMPANY 26 More Connectivity Zero Trust Service Mesh Kuma
- 28. THE CLOUD CONNECTIVITY COMPANY 27 Download at KUMA.IO Enterprise Offering: konghq.com/kong-mesh
- 29. New York JULY Australia SEPTEMBER Singapore APRIL Helsinki & North MARCH Paris DECEMBER London OCTOBER Jakarta FEBRUARY Hong Kong AUGUST JUNE India MAY Check out our API Conferences here 50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees, 300k+ online community Want to talk at one of our conferences? Apply to speak here