How can I encrypt traffic on my clusters, without an operational headache?
- Encryption is required by PCI, by FIPS for FedRAMP authorization, and by many other compliance frameworks
- However, there's no native pod-to-pod encryption with Kubernetes
- Typical solutions are 1) embedding encryption in the application or 2) using a service mesh
- Embedding encryption within an app is too complicated and requires app and security domain expertise
- Most Service Mesh implementations are complex and hard to manage and operate
Cilium Network Security
- Simple “one switch to flip” to enable. No application changes required.
- Automatic key rotation with support for overlapping keys.
- Efficient datapath encryption using in-kernel IPsec or WireGuard®. No proxy required.
- All node traffic encrypted, including non-standard traffic like UDP.
- Works in conjunction with Cilium Cluster Mesh and VM connectivity.
- Works across all public and private clouds.
Effectively secure the data plane
- Meet compliance requirements: standards such as PCI and FIPS require encryption of data in transit.
- Secure traffic on shared hardware and networks like public or private clouds.
- Enable secure operations during migration, encrypting traffic between cloud native and traditional workloads.
- Safely use apps with non-standard traffic requirements.
Transparent Encryption Demo with WireGuard
In Episode 3 of the regular livestream covering all things related to eBPF and Cilium, Martynas Pumputis introduces WireGuard and explains how WireGuard on Cilium can be used to encrypt network traffic.