I love building tools that make developers’ lives easier when working with cloud technologies and Kubernetes. I’m fortunate enough to work on the Spring team at Pivotal alongside some very smart people.
Bullet-proof Microservices with Spring & Kubernetes
Deploying a Spring Application on K8s has become increasingly straightforward with new features in Spring Boot such as OCI image building and micrometer metric exporting. Something that is not quite as clear is how to secure a Spring Application running in a production K8s cluster.
There seems to be a gap in documentation and official guidelines on this topic. And even if there is, different teams may have different business needs and organizational challenges regarding security. What can developers do today to ensure their Spring apps are secure when running on K8s? There are no right or wrong answers.
In this solution-driven presentation, we will demonstrate some of the recommended patterns for microservice security, including setting up TLS and HTTP authorization on the apps themselves, or alternatively hiding your apps behind a proxy like SpringCloudGateway. We hope you will leave with a toolbox to assemble your own solution.