Microservices Security Pattern in Kubernetes

Original: https://www.nginx.com/blog/microservices-march-microservices-security-pattern-in-kubernetes/

This blog is the fourth in our five‑part series about Kubernetes networking for Microservices March 2022:

Mastering your north‑south traffic is just the beginning… once your services start communicating within the cluster – a.k.a. east‑west traffic – you have a whole new set of problems! Unit 3 answers the question “How do I secure my APIs and apps to be production‑ready?”

Three activities guide you progressively from a high‑level overview to practical application. We suggest you complete all three to get the best experience.

Step 1: Watch the Livestream (1 Hour)

Each Microservices March livestream provides a high‑level overview of the topic featuring subject matter experts from learnk8s and NGINX. If you miss the live airing on March 21 – don’t worry! You can catch it on demand.

In this episode, we cover:

Step 2: Deepen Your Knowledge (1–2 Hours)

We expect you’ll have more questions after the livestream – that’s why we curated a collection of relevant reading and videos. This Unit’s deep dive covers how to secure your Kubernetes apps and APIs.

Webinar | Kubernetes Security – Best Practices and Thoughts from the Field
In this 35‑minute livestream we look at security trends, transferring control over security to your Kubernetes environment, and the role of Kubernetes security in mitigating API breaches.

Blog | Six Ways to Secure Kubernetes Using Traffic Management Tools
Organizations adopt Kubernetes for its promise of agility and cost savings. But when there are security incidents in a Kubernetes environment, most organizations pull their Kubernetes deployments out of production. In this blog we address six common use cases that you can solve with an Ingress controller or service mesh while making a big impact on the security of your apps and APIs.

Blog | Seven Guidelines for Implementing Zero Trust in Kubernetes
Deploying Zero Trust for Kubernetes‑powered infrastructure and applications can be challenging. This blog contains a set of guidelines for building a Zero Trust Architecture in Kubernetes.

At this point you’re probably also wondering about service meshes and whether they’re something your organization needs.

Blog | How to Choose a Service Mesh
Learn how to determine whether you’re ready for a mesh and, if so, how to select one.

Webinar | Are You Service Mesh Ready? Moving from Consideration to Implementation
Watch this on‑demand webinar for a discussion covering service mesh readiness, the importance of the data plane, and a demo of NGINX Service Mesh.

Bonus Research

If you’re keen to deepen your knowledge on security and service mesh – and have more than 1–2 hours to spend – then we suggest three additional resources to get you started.

eBook | Web Application Security
While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking – until now. This guide discusses both offensive and defensive security concepts that software engineers can easily learn and apply.

eBook | The Enterprise Path to Service Mesh Architectures
This practical eBook explains how a service mesh provides a configurable infrastructure layer that makes service-to-service communication flexible, reliable, and fast.

Webinar | Get the Most Out of Kubernetes with NGINX
Explore the benefits of duplicating application services inside Kubernetes and look at some well‑established practices for deploying services such as WAF for applications that are running in Kubernetes. We cover trade‑offs between different options and the criteria that matter most to help you make the best decisions.

Step 3: Get Hands On (1 Hour)

Even with all the best webinars and research, there’s nothing quite like getting your hands on the tech. The labs run you through common scenarios to reinforce your learning.

In our third self‑paced lab, Protect Kubernetes Apps from SQL Injection, you use NGINX as a sidecar to secure a pod and intercept unwanted east‑west traffic.

To access the lab, you need to register for Microservices March 2022. If you’re already registered, the email you received with the Unit 3 Learning Guide includes access instructions.

Why Register for Microservices March?

While some of the activities (the livestreams and blogs) are freely available, we need to collect just a little personal information to get you set up with the full experience. Registration gives you:

What’s Next?

Unit 4: Advanced Kubernetes Deployment Strategies begins on March 28. Learn about zero‑downtime deployments using tactics such as traffic splitting, blue‑green deployments, tracing, and mapping traffic flow in real time.

Retrieved by Nick Shadrin from nginx.com website.