Cilium ClusterMesh in Action: Strengthening Security Across Distributed Kubernetes Clusters

Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon North America in Salt Lake City from November 12 - 15, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at https://kubecon.io Cilium ClusterMesh in Action: Strengthening Security Across Distributed Kubernetes Clusters - Matheus Morais, Sicredi Sicredi has over 2K applications running on 47 different K8s clusters deployed across a private cloud, built on Canonical OpenStack and public clouds. Such a complex environment needs a uniform framework to create a consistent security policy. Sicredi chose Service Mesh as such a mechanism, evaluated multiple competitors and selected Cilium ClusterMesh. This presentation will describe the evaluation process. Compare features of various service meshes and show how Sicredi used Cilium ClusterMesh to implement a full security policy across its infrastructure. Cilium is used as the CNI in Sicredi K8s clusters. Selecting it reduced operational and maintenance complexity. Cilium uses eBPF and avoids sidecars so has best performance vs competing service meshes. Its fine grain Cilium Network Policy made it possible to create rules access and operations rules per target application. Sicredi is Brazil’s largest credit union financial institution with over 7 million members.