Git Product home page Git Product logo

Comments (3)

ckemper67 avatar ckemper67 commented on May 22, 2024

@dshaw wanted us to define the area of concern and asses how deep we want to go in this working group.

from tag-security.

tk2929 avatar tk2929 commented on May 22, 2024

Just my loud thoughts probably echoing your issues:
IP based identity authentication may not render well in the virtualized environment:
• When the pods/containers fail, the substitute or standby container must assume (re-assignment aka reconfiguration) the same IP address in order to keep the authentication check transparent – not an easily scalable approach.
• This may become further complex if a single container app package gets migrated to microservice or serverless scattered over multiple containers or even Pods. Likely, the original IP based authentication needs to be reconfigured with multiple IP addresses. Though less frequent, avoiding such authentication reconfiguration would certainly be desirable since from user perspective application operation would remain the same while underneath virtual entities may have been changed. Similar issues come to mind if the load balancer needs to trigger additional Pods/containers.

  1. Is not the service identity tied to service account (not necessarily IP based)?
    3, 4: Service identity (K8s service account) seems to be an improvement over IP identity scheme. Automation and mediation broker come to mind to perhaps help admin and scale the IP and service account mapping scheme

from tag-security.

lumjjb avatar lumjjb commented on May 22, 2024

Closed due to inactivity.

from tag-security.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.