- Videos: 152
- Views: 232,362
Project Calico
USA
Added Apr 22, 2015
Brought to you by Tigera, the creator of Calico Open Source. Tigera also provides commercial solutions, Calico Cloud and Calico Enterprise, which build on Calico Open Source to provide additional security and observability capabilities for containers and Kubernetes.
Project Calico is an open-source project with an active development and user community. Calico Open Source was born out of this project and has grown to be the most widely adopted solution for container networking and security, powering 8M+ nodes daily across 166 countries.
Free and open source, Calico Open Source is designed to simplify, scale, and secure container and Kubernetes networks. Invented and maintained by Tigera.
🎥 Investigating WAF Events and Enable WAF Blocking Mode 🎥
Hello everyone. In this video, we will explore how to investigate WAF alerts and fine-tune the WAF, web application firewall, in blocking mode.
📺 Video: Investigating WAF Events and Enable WAF Blocking Mode
🔑 Key Highlights:
Understanding WAF default behavior and detection-only mode.
Launching test attacks and analyzing WAF responses.
Viewing and interpreting WAF alerts in the Calico UI.
Configuring WAF to block suspicious traffic.
📜 Chapters:
0:30 WAF Default Behavior and Detection Mode
1:00 Launching Test Attacks with curl Commands
2:00 Viewing WAF Alerts in the Calico UI
3:00 Configuring WAF to Block Traffic
4:00 Testing Blocking Mode with curl Commands
5:00 Analyzing Blocked Requests in the Calico...
Views: 79
Videos
🎥 Enable WAF in the Calico UI 🎥
35 views · 1 month ago
Welcome everyone to this next video. In this lesson, we will look at how you can turn on the web application firewall (WAF) feature in Calico using the Calico web user interface. 📺 Video: Enable WAF in the Calico UI 🔑 Key Highlights: Navigating to the Threat Defense menu. Configuring the Web Application Firewall. Selecting services for WAF enablement. Enabling and disabling WAF for specific ser...
🎥 Enable WAF 🎥
65 views · 1 month ago
Hello everyone. In this video, we will explore how to enable and leverage the Calico workload-based WAF (Web Application Firewall). 📺 Video: Enable WAF 🔑 Key Highlights: Importance of WAF in cloud-native applications. Differences between perimeter-based WAFs and workload-based WAFs. Steps to enable WAF using both CLI and UI. Practical example of deploying and testing WAF on a front-end service....
🎥 Filter Based on IP Range 🎥
35 views · 1 month ago
Welcome everyone to this next lesson. In this video, we will look at how you can filter flows based on IP range. 📺 Video: Filter Based on IP Range 🔑 Key Highlights: Use cases for filtering flows based on IP ranges. Practical examples of using IP-based filters to identify traffic. Filtering destination IP ranges to identify egress traffic. Identifying traffic from specific source IP addresses. S...
🎥 Identify All Egress Connections from a Workload 🎥
34 views · 1 month ago
Welcome everyone to this next video. In this lesson, we will look at how you can identify all egress connections from workloads in your cluster. 📺 Video: Identify All Egress Connections from a Workload 🔑 Key Highlights: Introduction to egress connections and their importance. Real-time example of initiating egress traffic from a workload. Using the flow log dashboard to identify egress connecti...
🎥 Identifying Flows Denied by a Policy 🎥
18 views · 1 month ago
Welcome everyone to this next example in the flow log observability and troubleshooting series. In this example, we're going to look at how to identify flows being denied by a particular policy. 📺 Video: Identifying Flows Denied by a Policy 🔑 Key Highlights: Introduction to identifying flows denied by specific policies. Scenarios where identifying denied flows is crucial for analysis and policy...
🎥 Identifying Traffic to Specific Destination IPs 🎥
12 views · 1 month ago
Welcome everyone to this next example. In this video, we will look at how to identify traffic to specific destination IP addresses. 📺 Video: Identifying Traffic to Specific Destination IPs 🔑 Key Highlights: Introduction to identifying traffic to destination IPs. Use cases for identifying traffic to IPs outside the cluster. Practical examples of using the flow log dashboard to pinpoint workloads...
🎥 Identifying Traffic to Specific FQDNs 🎥
16 views · 1 month ago
Welcome to the next example. In this video, we will look at how to identify traffic to specific fully qualified domain names (FQDNs) for your cluster workloads. 📺 Video: Identifying Traffic to Specific FQDNs 🔑 Key Highlights: Introduction to the unique domains widget in the flow log dashboard. Identifying flows to external services using FQDNs. Practical examples of identifying workloads genera...
🎥 Identifying Traffic to Specific Service Ports 🎥
13 views · 1 month ago
Welcome to this next example. In this video, we are going to look at how to identify traffic destined to specific service ports using the flow log dashboard in Kibana. 📺 Video: Identifying Traffic to Specific Service Ports 🔑 Key Highlights: Understanding how flow logs record destination service ports. Using the Kibana dashboard to list all unique destination service ports. Identifying workloads...
🎥 Identifying Flows to and from Specific Processes with eBPF Probes 🎥
10 views · 1 month ago
Welcome everyone to this next example. In this video, we will look at how to identify flows to and from specific processes using eBPF probes. 📺 Video: Identifying Flows to and from Specific Processes with eBPF Probes 🔑 Key Highlights: Introduction to process-level flow visibility using eBPF probes. How flow logs are enriched with metadata including process ID, process name, and arguments. Pract...
🎥 Inbound and Outbound Bytes 🎥
3 views · 1 month ago
Welcome everyone to the next video in our series. In this video, we will look at inbound and outbound bytes for traffic in all of your clusters. 📺 Video: Inbound and Outbound Bytes in Flow Logs 🔑 Key Highlights: Introduction to the volumetric representation of traffic in the flow log dashboard. Explanation of inbound and outbound bytes grouped by source and destination namespaces. Filtering tra...
🎥 Identify “Deny” Flows 🎥
3 views · 1 month ago
Welcome to the first example in our flow log observability and troubleshooting series. In this video, we’ll show you how to identify denied flows using the flow log dashboard in Kibana. 📺 Video: Identify “Deny” Flows 🔑 Key Highlights: Introduction to deny flow logs. Understanding how deny flow logs are reported by both source and destination. Steps to filter and identify denied flows in the flo...
🎥 Flow Log Dashboard Introduction 🎥
18 views · 1 month ago
Welcome to our latest video! Learn how to navigate and utilize the flow logs dashboard in Kibana to enhance your observability and troubleshooting capabilities in your Kubernetes environment. 📺 Video: Flow Log Dashboard Introduction 🔑 Key Highlights: Accessing the Flow Log Dashboard in Kibana. Overview of widgets and their functions in the flow logs dashboard. Filtering flow logs by clusters, n...
🎥 Packet Capture 🎥
36 views · 1 month ago
Welcome to our latest video! Learn how to initiate and download packet captures using the Calico Service Graph, helping you to monitor and analyze network traffic effectively within your Kubernetes environment. 📺 Video: Packet Capture in the Service Graph 🔑 Key Highlights: Initiating packet captures for entire namespaces or specific workloads. Setting parameters for packet captures, including p...
🎥 Creating Custom Views 🎥
13 views · 1 month ago
Welcome to our latest video! Learn how to create custom views within the Calico Service Graph to simplify monitoring and focus on specific namespaces or workloads in your Kubernetes environment. 📺 Video: Creating Custom Views in the Service Graph 🔑 Key Highlights: Importance of creating custom views in the Service Graph. Steps to locate and focus on specific namespaces. How to hide unrelated na...
🎥 Part 2 - Security Policy Standards 🎥
10 views · 1 month ago
🎥 Part 1 - Security Domains & Policy Tiers 🎥
24 views · 1 month ago
🎥 Challenges of Implementing Microsegmentation 🎥
10 views · 1 month ago
Identifying Policies Denying Traffic 🎥
72 views · 2 months ago
🎥 Identify Endpoints Scoped in a Policy
63 views · 3 months ago
Nice explanation. I think it would be preferred if you replace the hand with only a pen.
I am a full stack developer and at the beginning I couldn't grasp any of all this devops thing, I couldn't understand deeply in detail what docker, k8s, jenkins, iac and all that stuff was until I realised these aren't technologies about developing but networking, so I started to study networking fundamentals and suddenly all makes sense. Devops is all about networking! I wish somebody would have told me that before, I mean, I am a programmer, I am all the day thinking about patterns, features and bugs, nothing to do with devops.
Thanks, I'm looking to achieve completely isolated namespaces so that if someone gains access to a pod, they can only see pods within the same namespace. I've already tried implementing network policies, but they didn't provide sufficient isolation (with arp-scan I can see all IPs). Could you please share any additional suggestions or best practices for achieving this level of namespace isolation effectively? Thank you for your help!
If you head over to Project Calico's documentation website, there are examples of how to implement a default deny. You could also implement host endpoint policies to secure both namespaced and non-namespaced resources within your cluster and establish full isolation.
Very well explained underlying details this is the way I am looking for it 👍
Gooooddddddddddddaaaaa
Nicely explained.
'promo sm' 😕
The data/control planes can be outside a Kubernetes cluster?
Speaking broadly, generally as long as the control plane is reachable from the data plane it will work - however depending on the exact technologies bandwidth/latency/reliability considerations are important. Come and chat with us at slack.projectcalico.org/ if you have a particular case in mind!
Sounds good! 💙