A Zero Trust Reference Architecture with Linkerd, cert-manager, Emissary-ingress, and Polaris

KubeCrash book

A Zero Trust Reference Architecture

In this book, experts from the cert-manager, Emissary-ingress, Polaris, and Linkerd open source projects take a deep dive into zero trust and show how these projects work together in a well-defined reference architecture. It contains 60+ pages of deep technical content from the creators of some of the most popular open source projects.

Table of Contents

Introduction

Chapter 1: What is Zero Trust?

  • Why is zero trust suddenly so important?
  • What is identity?
  • What is policy?
  • Enforcement
  • Zero trust for Kubernetes

Chapter 2: Zero Trust Reference Architecture

  • The architecture of the Faces application
  • Trust, TLS, and Certificates

Chapter 3: cert-manager Deep Dive

  • Certificates for cross-cluster and Pod-to-Pod communication
  • Why and how do we trust?
  • How do we automate trust using cert-manager?
  • Configuring cert-manager
  • Automating trust using trust-manager

Chapter 4: Emissary-ingress Deep Dive

  • Encryption and authentication
  • Installing Emissary-ingress
  • Defining our hostname and securing it
  • Routing traffic to our app
  • Authenticating incoming requests

Chapter 5: Linkerd Deep Dive

  • Zero trust faces
  • Installing Linkerd
  • Meshing Emissary and Faces
  • Default deny
  • Adding permissions for Emissary to reach Faces
  • Adding Permissions within Faces
  • Locking down Emissary
  • The importance of certificates and audit

Chapter 6: Polaris Deep Dive

  • Defining the policies
  • Bringing It All Together
  • Zero Trust for the Enterprise