Rootconf Delhi edition

On network engineering, infrastructure automation and DevOps

Tickets

Istio and Auth0 securing our applications on Kubernetes cluster

Submitted by Mamta Jha (@mjha) on Saturday, 10 August 2019

Section: Full talk (40 mins) Category: Security Status: Awaiting details

Abstract

This session will have key takeaways and tangible lessons that participants can apply as growth levers within their own companies. We will secure the Kubernetes cluster and the applications deployed on it with Istio and Auth0. In microservices-based architecture, authentication becomes one of the crucial things to keep in mind. We learn to integrate Istio with Auth0 to secure our applications running on the Kubernetes cluster. I will be using DigitalOcean’s managed Kubernetes service to demo this.

Istio statistics
Originally launched in May 2017, version 1.0 became generally available on 1 August 2018. 53 companies reportedly use Istio in their tech stacks. Git hub: Istio is 19400* and 3.3k forks


When we have Kubernetes cluster running thousand of services we need not break our heads in implementing traffic splitting, feature rollouts on each service level rather do this on the cluster level. And thus we take away the complexity like monitoring, security away from the software and place it on cluster level.

As we are seeking very high adoption rate of Kubernetes, when our clusters grow in size we would need to automate the control plane work items and that is what Istio does it for us. Istio is about automation. It goes beyond service mesh. It gives us the power of applying policy and control to services let it be 3 services or 300 services deployment. A single rule can provide wonders like with single rule I can make each and every service authenticate to each other. It has inbuilt metric, monitoring, logging tracing, networking control and policy driven security.

Outline

  • Learn to use Istio and Auth0 together to secure a microservices application * Create Kubernetes cluster on DigitalOcean
  • Configure Istio in the cluster
  • Deploy a sample application which would be unsecured
  • Learn to secure this sample application with Istio and Auth0

Requirements

None

Speaker bio

I am Mamta Jha. With 15 years of industry experience and in that 6 years in is Cloud and DevOps. I am presently working with DigitalOcean as a Senior Developer Advocate. I have delivered more than 50 Kubernetes workshops with various MNC in my previous role as a Trainer. In my past job I have been a Corporate trainer delivering AWS, GCP, Kubernetes, Docker and various other DevOps technologies trainings, workshops and have been a Red Hat Certified Instructor too.
I have strong technical hands on background in architecting and designing cloud, DevOps and Automation based solutions. My core competency is in architecting solutions around Kubernetes, DevOps, Data Science and ML services.
• Experienced in migrating, deploying and managing cluster of containers using various Orchestration tools.
• Designed/Migrate large & complex applications for various clients.
• Passionate about Automating Configuration Management with Ansible/Chef and setting up Kubernetes cluster either on on-Prem or cloud
• Experienced in architecting and implementing DevOps E2E solutions, implementing the complete CI/CD pipeline for clients and also implement DevOps in Cloud using various tools.
Certification: RHCE RHEL 7, RHCE OpenStack, OpenShift, Ansible, Chef, Docker and Google Cloud.
LinkedIn handle : www.linkedin.com/in/mamta-jha-cloud-n-devops-architect
Few of the previous speaking experiences are listed at: http://mamtajha.in

Slides

https://docs.google.com/presentation/d/1rb8IMl-6UEJe2M6Z_W_P9-kYU8Zz4T_q/edit#slide=id.p1

Comments

  •   Anwesha Sarkar (@anweshaalt) Reviewer 7 months ago

    Hello Mamta,

    Thank you for the submission. Here are the feedback for your proposal:

    1. What is the adoption of Istio and Auth0 in general? Share adoption metrics and statistics for us to understand whether this is a widely used tool. If this tool isn’t widely used, you have to make a case for why these should be considered by the Rootconf community?
    2. Since this is a tools talk, you have to explain the following in your slides:
      - What is the problem that Istio and Auth0 solves?
      - Why use Istio and Auth0? Which are other, similar tools, which solve the same problem? Therefore, why pick these two tools over other options?
      - Show use cases and examples of how Istio and Auth0 has changed workflow/application development/DevOps, etc for you?
      - What is the before-after scenario? What are the improvements or changes to show the audience after Istio and Auth0 and what is compromised in the process of using Istio and Auth0?
      Submit your revised proposal with slides and preview video within 7 days so that we can complete the evaluation of your proposal. If there is no response in 7 days, we will move the proposal to reject owing to lack of response from proposer.

    Regards
    Anwesha

  •   Mamta Jha (@mjha) Proposer 7 months ago

    Hi Anwesha,

    I am down with fever from more than a week now. It will be beneficial if you can extend the time for me till September 3 or 4.
    I will prepare video, slides and will also respond to all the queries by then.

    I will be grateful if my request is accepted.

    Regards,
    Mamta

  •   Mamta Jha (@mjha) Proposer 7 months ago

    Hi Anwesha,

    I have updated the slides, do let me know if anything more is needed from my end.

    Regards,
    Mamta

    •   Zainab Bawa (@zainabbawa) Reviewer 5 months ago

      Hello Mamta, the slides are not accessible publicly. Change permission settings.

  •   Anwesha Sarkar (@anweshaalt) Reviewer 6 months ago

    Thank you Mamta for the submission. Will get back to you shortly.

    Regards
    Anwesha

  •   Mamta Jha (@mjha) Proposer 5 months ago (edited 5 months ago)

    I Hi Zainab,

    Please check now.I have changed the link and given correct permissions.

    Regards,
    Mamta

  •   Mamta Jha (@mjha) Proposer 4 months ago

    Hi Zainab,

    Any update on this.

    Regards,
    Mamta

Login with Twitter or Google to leave a comment