Encryption, Identities, and Everything in Between; Building Se... Lior Lieberman & Igor Velichkovich
Lior Lieberman, Igor Velichkovich
KubeCon + CloudNativeCon Europe 2025 · Session
In their KubeCon EU talk, "Encryption, Identities, and Everything in Between; Building Secure Kubernetes Networks," Lior Lieberman and Igor Velichkovich address critical shortcomings in current Kubernetes network security paradigms and advocate for a shift towards identity-driven enforcement. The presentation highlights how relying on mutable IP addresses and labels for network policy decisions leaves Kubernetes clusters vulnerable to sophisticated attacks, drawing parallels to infamous real-world breaches. Lieberman and Velichkovich argue that a lack of robust, immutable identity within the network stack, coupled with an absence of industry-wide standardization, creates significant security gaps that current `NetworkPolicy` and even newer `AdminNetworkPolicy` mechanisms struggle to bridge.
AI review
Lieberman and Velichkovich deliver a brutally honest assessment of Kubernetes network security, dissecting the fundamental flaws of IP- and label-based policies. They make a compelling case for a paradigm shift towards immutable, cryptographic identity for workloads, advocating for the radical idea of embedding verifiable identity directly into network packets. Their analysis of existing solutions like Cilium and Istio, coupled with a strong call for industry-wide standardization, provides crucial insights and actionable defensive strategies for anyone serious about securing cloud-native…