My presentation at the DevOpsStage conference
Istio Security Overview from Michael Furman
What will I cover in the post?
You will see how to configure secure service-to-service communication using Istio.
Istio Mutual TLS Demo
I will show the Istio Mutual TLS Demo that is explained in the Istio Example. The demo will show the configuration of secure service-to-service communication using Istio. As I have described in my previous post, I will use Google Kubernetes Engine (GKE). The Istio installation is very simple: you just need to select “Enable Istio” during the creation of your GKE cluster.
What will I cover in the post?
You will see how to increase the security of your web application using Secure HTTP Headers.
Secure HTTP Headers
Secure HTTP Headers allow you to increase the security of your web application in a very simple way. The recommended Secure HTTP Headers can be found at the OWASP site.
Istio Bookinfo Demo application
In my previous post I have described how to install the Istio Bookinfo Demo application.
What will I cover in the post?
You will see how to visualize Istio metrics via Grafana dashboards.
Istio add-ons
Istio add-ons allow you to use advanced Istio features.
Istio Grafana add-on
Grafana is an open source metric analytics & visualization suite. The Grafana add-on allows you to visualize Istio metrics collected by Prometheus via Grafana dashboards.
Istio Bookinfo Demo application and Prometheus add-on
In my previous posts I have described how to install the Istio Bookinfo Demo application and Prometheus add-on.
What will I cover in the post?
You will see how to query Istio metrics using the Prometheus add-on.
Istio add-ons
Istio add-ons allow you to use advanced Istio features.
Istio Prometheus add-on
We will start with the Prometheus add-on. Prometheus is an open-source systems monitoring and alerting toolkit. The Prometheus add-on allows you to query Istio metrics.
Istio Metrics
Istio generates metrics for all service traffic. The partial metrics list is below:
A couple of personal words …
Dear Readers! In the past I posted posts related to application security and Keycloak. I have learned Istio recently and I will be happy to share my knowledge. You will continue to see my Keycloak posts, but you will also enjoy my DevSecOps posts. Stay tuned!
What will I cover in the post?
You will understand what Istio is, and then you will deploy a simple demo that shows how to use Istio.
My short presentation at Write the Docs Meetup
It shows the top 3 tips on how to create security documentation. The video is published here.
Top 3 tips for security documentation from Michael Furman
How To Access Keycloak APIs Using Two-Factor Authentication
Two-Factor Authentication is a very strong and recommended security control. In my previous post I have described how to configure Two-Factor Authentication in Keycloak. This short (but important) post describes how to access Keycloak APIs using Two-Factor Authentication.
Access Keycloak APIs Using User Name and Password
Let’s first access Keycloak APIs using a user name and password. According to the Keycloak documentation, you first need to obtain an access token.
Keycloak with Okta OpenID Connect Provider
Similar to SAML, Keycloak can be configured to use an external OpenID Connect Provider. This post describes how to integrate Keycloak with the Okta OpenID Connect Provider. The configuration steps are very similar to the configuration of the SAML Provider described in my previous post, but the configuration is simpler than the SAML configuration.
Configuration
We need to configure Keycloak and Okta in parallel. First, you need to add the OpenID Connect Provider in Keycloak, then you need to add an OpenID Connect application in Okta using the Keycloak provider metadata.