Chapter 6. Security and Identity

Application and system security has for a long time been focused on the network. Historically, we have built hard outer shells (firewalls, VPNs, and so on) to fend off attacks, but once that shell is penetrated an attacker can move on to many internal systems with little resistance. In response we added defense in depth and applied network isolation within our own trust domain, which requires security administrators to punch holes in the network and set things up just so: these network identities (IP addresses) assigned here with that access there, funneled through these ports, and so on, simply so that our applications can communicate with one another. This approach works well when the rate of system change is low; when change happens over the course of days, it is practical to take manual steps, or to automate the setup and maintenance of the network, before the next change arrives.

When it comes to container-based systems, however, the rate of change is not measured in days but in seconds. In highly dynamic environments, traditional network security models break down. The key problem is that traditional network security puts the emphasis on the only identity available to the network: an IP address. An IP address is not a strong indication of which application is behind it, and because dynamic environments like Kubernetes freely reuse IP addresses for different workloads over time, an address that was authorized for one workload a minute ago may belong to an entirely different workload now. IP addresses are therefore not a sufficient basis for policy or security decisions.
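The failure mode described above is easy to reproduce in miniature. The following is an added example, not code from the book or from the Istio project: it models a tiny cluster that hands out pod IPs from a small pool and recycles freed addresses (the pool, pod names, namespaces and the LIFO reuse order are assumptions made for the illustration), then compares an allowlist keyed on source IP with one keyed on a stable, SPIFFE-style workload identity derived from namespace and service account. When the authorized pod is rescheduled, the IP allowlist both admits an unrelated pod that inherited the old address and rejects the legitimate replacement at its new address; the identity allowlist gets both decisions right.

```python
"""Why a source IP is a weak workload identity under churn (toy simulation)."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Pod:
    name: str
    namespace: str
    service_account: str
    ip: str

    @property
    def identity(self) -> str:
        # SPIFFE-style ID: stable across reschedules and independent of the IP.
        # Trust domain name is an assumption for this example.
        return f"spiffe://cluster.local/ns/{self.namespace}/sa/{self.service_account}"


class Cluster:
    """Allocates pod IPs from a fixed pool; a freed IP goes back on the pool.

    The most recently freed address is handed out first (LIFO). Real CNI
    allocators differ in order, but all of them reuse addresses eventually.
    """

    def __init__(self, pool: List[str]) -> None:
        self._free: List[str] = list(pool)
        self.pods: Dict[str, Pod] = {}

    def schedule(self, name: str, namespace: str, service_account: str) -> Pod:
        pod = Pod(name, namespace, service_account, self._free.pop())
        self.pods[name] = pod
        return pod

    def delete(self, name: str) -> None:
        pod = self.pods.pop(name)
        self._free.append(pod.ip)  # address returned to the pool for reuse


class IpAllowlist:
    """Traditional network policy: decisions keyed on the caller's IP."""

    def __init__(self) -> None:
        self.allowed: Set[str] = set()

    def allow(self, pod: Pod) -> None:
        self.allowed.add(pod.ip)

    def permits(self, pod: Pod) -> bool:
        return pod.ip in self.allowed


class IdentityAllowlist:
    """Identity-based policy: decisions keyed on the workload identity."""

    def __init__(self) -> None:
        self.allowed: Set[str] = set()

    def allow(self, pod: Pod) -> None:
        self.allowed.add(pod.identity)

    def permits(self, pod: Pod) -> bool:
        return pod.identity in self.allowed


def run_scenario() -> Dict[str, object]:
    """Authorize a frontend pod, reschedule it, and see who the two policies admit."""
    cluster = Cluster(pool=["10.0.0.6", "10.0.0.5"])  # constructed sample pool
    ip_policy, id_policy = IpAllowlist(), IdentityAllowlist()

    frontend = cluster.schedule("frontend-abc", "shop", "frontend")  # gets 10.0.0.5
    ip_policy.allow(frontend)
    id_policy.allow(frontend)

    cluster.delete("frontend-abc")  # node drain, rollout, crash: the IP is freed
    batch = cluster.schedule("batch-xyz", "jobs", "batch")            # inherits 10.0.0.5
    frontend2 = cluster.schedule("frontend-def", "shop", "frontend")  # gets 10.0.0.6

    return {
        "batch_ip": batch.ip,
        "ip_policy_allows_batch": ip_policy.permits(batch),              # stale allow
        "ip_policy_allows_new_frontend": ip_policy.permits(frontend2),   # false deny
        "id_policy_allows_batch": id_policy.permits(batch),
        "id_policy_allows_new_frontend": id_policy.permits(frontend2),
    }


if __name__ == "__main__":
    for decision, outcome in run_scenario().items():
        print(f"{decision}: {outcome}")
```

The IP allowlist is not wrong about the address; it is wrong about what the address means, and nothing in the data it sees can tell it that the workload behind 10.0.0.5 changed. The identity allowlist only works in practice if the identity is bound to the workload cryptographically rather than asserted by the caller, which is the problem a service mesh's workload identity and mutual TLS are meant to solve.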

To address this problem, one of Istio’s key features ...
