Organizations are scaling Kubernetes deployments with container platforms running on a mix of on-prem, cloud, and multi-cloud infrastructure. However, not all users are taking a standardized approach to building multiple clusters on a common distribution and on a single infrastructure with common security tools.

CVE-2020-8554 is a vulnerability that allows Kubernetes Services to intercept cluster traffic to any IP address. Users who can manage services can exploit the vulnerability to carry out man-in-the-middle (MITM) attacks against pods and nodes in the cluster. All Kubernetes versions including the latest release (v1.20) are vulnerable to this attack. If your cluster is multi-tenant, or allows unprivileged users to create and update services, you are impacted.

Managing multiple Kubernetes clusters can become time consuming and complex. Calico Enterprise can help with built in multi-cluster management capabilities to simplify deployment and ongoing operations, including securing interactions between the clusters, and providing cross-cluster service discovery.

In this talk, we will explore how to meet common enterprise security control needs when running Kubernetes. We will look at a range of common enterprise security needs and how you can meet these with standard Kubernetes primitives and open source projects such as Calico, or take it a step further with the additional features of Calico Enterprise.

When you have different teams interacting with a Kubernetes cluster you need to think about the security, privacy, and observability challenges associated with multi-tenancy: How to provide each team with access to the specific resources they need, in a way that allows the team to be agile, without risking impacting other teams? In this session, we’ll explore the Kubernetes multi tenancy concepts and design patterns needed for successful enablement of multi-tenancy within your Kubernetes clusters using key capabilities of Calico Enterprise.

A majority of existing workloads are non-Kubernetes, and for the platform teams involved, this creates challenges because the cluster will need to be securely connected to those resources. Calico Enterprise includes several features that enable fine-grained access controls between your microservices and databases, cloud services, APIs, and other applications that may be protected behind a firewall. There are different approaches to managing Kubernetes egress access, depending on your needs and where you want the control point to be

If you are deploying Kubernetes on-premises in your datacenter, this is a talk and demo you won’t want to miss. Networking and security might not be the first things that come to mind, but without some understanding of the networking and security decisions you’ll need to make, and the right options for your environment, you’re likely to get stuck or make the wrong assumptions. These may limit your ability to scale or integrate with the rest of the datacenter network.

Managing networking, observability and security in multiple Kubernetes clusters can quickly become a major challenge. Lack of a centralized, unified multi-cluster approach results in dozens of clusters that are deployed and managed independently throughout an organization, with very little uniformity in the way they are secured. This adds complexity for DevOps teams, who must adapt to different cluster environments.

Tigera and Fortinet have joined forces to solve this operational challenge. With the combination of FortiManager and Calico Enterprise, you gain access control and full visibility into the container environment along with centralized management. In this webinar, you will learn how Calico Enterprise and FortiManager enable you to.

In an age where attackers are becoming more and more sophisticated, network security as a line of defense is more important than ever. Network Policy is the primary tool for securing a Kubernetes network. It allows you to easily restrict the network traffic in your cluster so only the traffic that you want to flow is allowed. In this training session, we will go over the core concepts in Kubernetes Network Policies and Calico Network Policies. Compare and contrast between the two models, and highlight when to use one versus the other.