Deploying a Spring application on K8s has become increasingly straightforward with new features in Spring Boot such as OCI image building and Micrometer metrics exporting. What is less clear is how to secure a Spring application running in a production K8s cluster.
There seems to be a gap in documentation and official guidelines on this topic. And even where guidance exists, different teams may have different business needs and organizational challenges regarding security. What can developers do today to ensure their Spring apps are secure when running on K8s? There are no right or wrong answers.
In this solution-driven presentation, we will demonstrate some of the recommended patterns for microservice security, including setting up TLS and HTTP authorization on the apps themselves, or alternatively hiding your apps behind a proxy like Spring Cloud Gateway. We hope you will leave with a toolbox to assemble your own solution.
I love building tools that make developers’ lives easier when working with cloud technologies and Kubernetes. I’m fortunate enough to work on the Spring team at Pivotal alongside some very smart people.
Bella is a Pair Programming and TDD advocate who enjoys crafting tests with a sufficient amount of cat references in them. She has worked on dozens of applications across industries like Healthcare, Insurance, Financial Services, and Retail. With experience in both greenfield and brownfield projects, Bella is passionate about Extreme Programming, Evolutionary Architectures, and Domain-Driven Design. As a member of the Spring Cloud Commercials team, she currently focuses on delivering a reliable, secure, off-the-shelf Spring Cloud experience to Tanzu cloud developers.