IstioCon 2023 - Virtual

You’ve successfully installed Istio and secured intra-mesh traffic with mTLS. Great. A common next-step is controlling traffic to services outside of your cluster. Thankfully, Istio offers various custom resources and mesh-wide settings, as well as integration with an egress gateway, to manage outbound traffic. Nonetheless, operators need to take several additional steps and leverage mechanisms external to Istio to enforce a defense-in-depth framework for egress communication. For instance, organizations often require that all traffic that crosses network perimeters should flow through dedicated notes, be filtered by a firewall, and be logged and monitored. Additionally, other network security controls like Network Policies are needed in the event that sidecar proxy is bypassed. In this session, we’ll explore a brief, but comprehensive, end-to-end demo how Istio APIs and configurations can integrate with cloud security services, observability tools, and Kubernetes security resources to fully secure egress traffic from your cluster. Demo: https://github.com/nshankar13/tutorials/tree/main/istio-egress-demo.