May 6, 2025 • 14 mins
Discover how CERN secures the vital Kubernetes cluster powering its massive CMS particle physics experiment using key cloud-native tools. This episode explores their real-world implementation of Network Policies via Calico for fine-grained internal firewalling between microservices. We delve into their use of Open Policy Agent (OPA) Gatekeeper to enforce custom rules on resource creation, ensuring compliance *before* deployment. Understand their shift to HashiCorp Vault for robust, centralized, and encrypted secrets management, moving beyond basic K8s secrets. Learn how these technologies form a layered defense strategy against modern threats. We also cover practical details like specific OPA policies and the seamless Vault Agent Injector pattern.
Read the original paper: http://arxiv.org/abs/2405.15342v1
Music: 'The Insider - A Difficult Subject'
Mark as Played
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!