istio.io/content/blog/2019
Vadim Eisenberg 24f9ca7046 Egress blog part 2 (#4232)
* add the second part of the series about secure egress traffic control in Istio (#4196)

* requirements for your system -> requirements for a system for egress traffic control

* add links from part 1 to part 2

* add istio-identity to .spelling

* add gateway and tls as keywords

Co-Authored-By: Rigs Caballero <grca@google.com>

* This is -> Welcome to, a new series -> our new series

Co-Authored-By: Rigs Caballero <grca@google.com>

* an egress traffic control system -> a secure control system for egress traffic

Co-Authored-By: Rigs Caballero <grca@google.com>

* for controlling egress traffic securely -> to securely control the egress traffic, prevents the -> can help you prevent such

Co-Authored-By: Rigs Caballero <grca@google.com>

* Egress traffic control by Istio -> Secure control of egress traffic in Istio

Co-Authored-By: Rigs Caballero <grca@google.com>

* add bullets regarding security measures for Istio control plane

Co-Authored-By: Rigs Caballero <grca@google.com>

* you can securely monitor the traffic and define security policies on it -> you can securely monitor and define security policies for the traffic

Co-Authored-By: Rigs Caballero <grca@google.com>

* Possible attacks and their prevention -> Preventing possible attacks

Co-Authored-By: Rigs Caballero <grca@google.com>

* e.g. -> like, add a comma, split a sentence

Co-Authored-By: Rigs Caballero <grca@google.com>

* the -> said

Co-Authored-By: Rigs Caballero <grca@google.com>

* remove "for TLS traffic"

it is clear that it is TLS Traffic from TLS origination

Co-Authored-By: Rigs Caballero <grca@google.com>

* monitor SNI and the service account of the source pod -> monitor SNI and the service account of the source pod's TLS traffic

Co-Authored-By: Rigs Caballero <grca@google.com>

* L3 firewall -> an L3 firewall, remove parentheses, provided -> should be provided

* The L3 firewall can have -> you can configure the L3 firewall

Co-Authored-By: Rigs Caballero <grca@google.com>

* from pods only -> only allow. Remove "Note that"

Co-Authored-By: Rigs Caballero <grca@google.com>

* move the diagram right after its introduction

* remove parentheses

Co-Authored-By: Rigs Caballero <grca@google.com>

* emphasize the label (A, B)

Co-Authored-By: Rigs Caballero <grca@google.com>

* policy with regard -> policies as they regard

Co-Authored-By: Rigs Caballero <grca@google.com>

* rewrite the sentence about a compromised pod

Co-Authored-By: Rigs Caballero <grca@google.com>

* traffic must be monitored -> traffic is monitored

Co-Authored-By: Rigs Caballero <grca@google.com>

* Note that application A is allowed -> since application A is allowed

Co-Authored-By: Rigs Caballero <grca@google.com>

* rewrite the sentence about monitoring access of the compromised version of the application

Co-Authored-By: Rigs Caballero <grca@google.com>

* split the sentence about detecting suspicious traffic

Co-Authored-By: Rigs Caballero <grca@google.com>

* rewrite the sentence about thwarting the second goal of the attackers

Co-Authored-By: Rigs Caballero <grca@google.com>

* Istio must enforce -> enforces, forbids access of application A -> forbids application A from accessing

Co-Authored-By: Rigs Caballero <grca@google.com>

* Rewrite the sentence "let's see which attacks"

Co-Authored-By: Rigs Caballero <grca@google.com>

* rewrite the sentence "I hope that"

Co-Authored-By: Rigs Caballero <grca@google.com>

* in the next blog post -> in the next part

Co-Authored-By: Rigs Caballero <grca@google.com>

* remove mentioning wildcard domains

* rewrite the "Secure control of egress traffic in Istio" section

* remove a leftover from suggested changes

* as they regard to egress traffic -> for egress traffic

* convert security policies into bullets

* make the labels (A,B) bold

* remove the sentences about thwarting the second goal

* rewrite the paragraph about which goals of the attackers can be thwarted

* remove a leftover from the previous changes

* such attacks -> the attacks

* rewrite the section about preventing the attacks

* secure egress traffic control -> secure control of egress traffic

* sending HTTP traffic -> sending unencrypted HTTP traffic

* define security policies -> enforce security policies

* change the publish date to July 9

* formatting

Co-Authored-By: Rigs Caballero <grca@google.com>

* Kubernetes Network Policies -> Kubernetes network policies

Co-Authored-By: Rigs Caballero <grca@google.com>

* [an example for Kubernetes Network Policies configuration] -> an example of the [Kubernetes Network Policies configuration]

Co-Authored-By: Rigs Caballero <grca@google.com>

* use proper capitalization and punctuation for bullet 1

Co-Authored-By: Rigs Caballero <grca@google.com>

* use proper capitalization and punctuation for bullet 2

Co-Authored-By: Rigs Caballero <grca@google.com>

* use proper capitalization and punctuation for bullet 3

Co-Authored-By: Rigs Caballero <grca@google.com>

* use proper capitalization and punctuation for bullet 4

Co-Authored-By: Rigs Caballero <grca@google.com>

* check -> verify, access the destination, mongo1, access mongo1

Co-Authored-By: Rigs Caballero <grca@google.com>

* You can thwart the third goal -> to stop attackers from

Co-Authored-By: Rigs Caballero <grca@google.com>

* remove mentioning anomaly detection

Co-Authored-By: Rigs Caballero <grca@google.com>

* Provide context instead of "after all"

Co-Authored-By: Rigs Caballero <grca@google.com>

* split a long line

Co-Authored-By: Rigs Caballero <grca@google.com>

* connect two sentences

Co-Authored-By: Rigs Caballero <grca@google.com>

* First -> Next

Co-Authored-By: Rigs Caballero <grca@google.com>

* use - instead of * for bulleted lists

* make the first attacker's goal a bullet

Co-Authored-By: Rigs Caballero <grca@google.com>

* make the first attacker's goal a bullet

the previous commit was related to the third goal

Co-Authored-By: Rigs Caballero <grca@google.com>

* make the second attacker's goal a bullet

Co-Authored-By: Rigs Caballero <grca@google.com>

* fix indentation

Co-Authored-By: Rigs Caballero <grca@google.com>

* make the reference to prevention of the first goal a bullet

Co-Authored-By: Rigs Caballero <grca@google.com>

* make the reference to prevention of the second goal a bullet

Co-Authored-By: Rigs Caballero <grca@google.com>

* rephrase the sentence about applying additional security measures

Co-Authored-By: Rigs Caballero <grca@google.com>

* remove leftover from a previous change

Co-Authored-By: Rigs Caballero <grca@google.com>

* that will enforce -> to enforce

Co-Authored-By: Rigs Caballero <grca@google.com>

* split long lines

* rewrite the part about increasing security of the control plane pods

* fix indentation

* fix indentation and remove a leftover from a previous change

* extend the bold font from a single word to a phrase

* rewrite the prevention of the straightforward access and the attacks

* add conclusion after the attacks part

* control planes pods -> control plane pods

* control plane -> Istio control plane

* is able to access it indistinguishable -> is indistinguishable

Co-Authored-By: Rigs Caballero <grca@google.com>

* rewrite the sentence "The choice would mainly depend on"

Co-Authored-By: Rigs Caballero <grca@google.com>

* insure -> ensure

Co-Authored-By: Rigs Caballero <grca@google.com>

* update the publish date to 10-th of July
2019-07-10 15:20:37 +00:00
announcing-1.0-eol Announcement for upcoming 1.0 end of support (#4197) (#4214) 2019-05-24 13:48:00 +00:00
announcing-1.0-eol-final 1.0 eol final announcement. (#4431) 2019-06-14 21:30:13 -07:00
announcing-1.0.6 Site improvements. (#4015) 2019-04-22 09:12:18 -07:00
announcing-1.0.7 Site improvements. (#4015) 2019-04-22 09:12:18 -07:00
announcing-1.0.8 1.0.8 release notes (#4278) 2019-06-07 09:01:49 -07:00
announcing-1.0.9 Draft release notes for 1.0.9 and 1.1.10. (#4566) 2019-06-28 14:39:39 -07:00
announcing-1.1 Cleanup multicluster doc (#4638) 2019-07-10 06:59:50 -07:00
announcing-1.1.1 Site improvements. (#4015) 2019-04-22 09:12:18 -07:00
announcing-1.1.2 Site improvements. (#4015) 2019-04-22 09:12:18 -07:00
announcing-1.1.3 Site improvements. (#4015) 2019-04-22 09:12:18 -07:00
announcing-1.1.4 1.1.4 release notes. (#4028) 2019-04-24 13:25:31 -07:00
announcing-1.1.5 Release notes for 1.1.5 (#4088) (#4217) 2019-05-24 13:58:31 +00:00
announcing-1.1.6 1.1.6 release notes (#4113) (#4216) 2019-05-24 13:59:15 +00:00
announcing-1.1.7 1.1.7 release notes (#4165) (#4215) 2019-05-24 13:59:55 +00:00
announcing-1.1.8 1.1.8 release notes (#4276) 2019-06-07 07:41:49 -07:00
announcing-1.1.9 1.1.9 release notes. (#4430) 2019-06-17 15:19:28 -07:00
announcing-1.1.10 Draft release notes for 1.0.9 and 1.1.10. (#4566) 2019-06-28 14:39:39 -07:00
announcing-1.1.11 Draft 1.1.11 release notes. (#4633) 2019-07-03 12:54:49 -04:00
announcing-1.2 Istio 1.2 announcement blog post (#4468) 2019-06-18 17:45:33 -07:00
announcing-discuss.istio.io No need for weights in blog posts, they auto-sort by publication date. (#3241) 2019-02-12 13:52:09 -08:00
appswitch No need for weights in blog posts, they auto-sort by publication date. (#3241) 2019-02-12 13:52:09 -08:00
custom-ingress-gateway Fix broken links (#3636) 2019-03-11 22:05:18 -07:00
cve-2019-12243 Security update. (#4233) 2019-05-28 10:22:16 -07:00
cve-2019-12995 Remove consecutive blank line. (#4587) 2019-06-29 03:35:06 -07:00
data-plane-setup Fix accidentally merged trailing space (#4578) 2019-06-28 16:52:50 -04:00
egress-performance [ImgBot] Optimize images (#3629) 2019-03-11 13:54:39 -07:00
egress-traffic-control-in-istio-part-1 Egress blog part 2 (#4232) 2019-07-10 15:20:37 +00:00
egress-traffic-control-in-istio-part-2 Egress blog part 2 (#4232) 2019-07-10 15:20:37 +00:00
istio1.1_perf Update publication dates. 2019-03-18 20:52:00 -07:00
multicluster-version-routing Cleanup multicluster doc (#4638) 2019-07-10 06:59:50 -07:00
performance-best-practices Clarifies latency measurement section for Istio 1.2 (#4649) 2019-07-09 18:30:35 +00:00
root-transition Move root-transition to docs/ to follow others (#4412) 2019-06-14 10:59:35 -07:00
sail-the-blog No need for weights in blog posts, they auto-sort by publication date. (#3241) 2019-02-12 13:52:09 -08:00
_index.md Switch to discuss.istio.io (#3071) 2019-01-10 07:11:00 -08:00