I've read a few sources that state that it is a good idea to use both Istio AND GKE Network Policy but it is not too clear what the benefits of doing so from a security perspective?
Is there any benefit of using Istio Policy AND GKE Network Policy?
150 views Asked by ellefc At
1
There are 1 answers
Related Questions in GOOGLE-CLOUD-PLATFORM
- Google Logging API - What service name to use when writing entries from non-Google application?
- Custom exception message from google endpoints exception
- Unable to connect database of lamp instance from servlet running on tomcat instance of google cloud
- How to launch a Jar file using Spark on hadoop
- Google Cloud Bigtable Durability/Availability Guarantees
- How do I add a startup script to an existing VM from the developer console?
- What is the difference between an Instance and an Instance group
- How do i change files using ftp in google cloud?
- How to update all machines in an instance group on Google Cloud Platform?
- Setting up freeswitch server on Google cloud compute
Related Questions in GOOGLE-KUBERNETES-ENGINE
- Cannot access google cloud SQL from google container engine
- Cluster communication and firewalls in Google Container Engine
- Google Container Engine (GKE): "Hello Wordpress" tutorial not working (ERR_CONNECTION_REFUSED)
- Setting up continuous deployment to Google Compute Engine running Kubernetes
- Does Google Container Registry undergo issues?
- How to mount volume for docker container via yaml manifest?
- LogSeverity on aggregated logs in Google Container Engine
- How do I permanently edit cluster/saltbase/pillar/privilege.sls to allow_privledged with Google Container Engine?
- Static outgoing IP in Kubernetes
- Docker container curl to web
Related Questions in ISTIO
- Communicating with Redis server from a container behind Envoy
- Istio bookinfo sample deployment The connection has timed out
- Using Istio to block incoming connections from ANY to a service
- TLS handshake through Istio ingress gateway fails (tlsMode=passthrough)
- SSL with GRPC on AWS EKS and Istio Ingress gives StatusCode.UNAVAILABLE
- OPA Envoy Plugin for Istio
- How to set correct port for "kubectl port-forward" (strangely goes to localhost:8080)
- Trying to run echo server in Minikube with Istio getting connection refused from client socker
- Istio 1.4.3 to 1.5.6 upgrade using istioctl and Istio operator
- How to enable automatic mTLS using istio mesh in AWS EKS?
Related Questions in KUBERNETES-NETWORKPOLICY
- GKE Kubernetes network policy allowing other node IPs
- networkpolicy to isolate namespace and pod with port
- Google Kubernetes Engine: NetworkPolicy allowing egress to k8s-metadata-proxy
- how to deny egress to all namespaces, and allow ingress from some namespaces in kubernetes using network policies
- How to create a network policy that matches Kubernetes API
- why networkpolicy ingress not working for my case
- Kubernetes Health Checks Failing with Network Policies Enabled
- Is there any benefit of using Istio Policy AND GKE Network Policy?
- AKS | NetworkPolicy | Blocking ingress traffic while using Azure CNI
- AZURE OPENSHIFT DNSConfig and Ingress/Egress NetworkPolicy?
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Istio Policy and GKE Network Policy don't work at the same level.
So, it could make sense to use both if all your traffic aren't managed by Istio (if you don't use only HTTPS protocol). If not, you will open the port 443 for all the pods, and it's clearly useless.