I've read a few sources that state that it is a good idea to use both Istio AND GKE Network Policy, but it is not too clear what the benefits of doing so are from a security perspective.
Is there any benefit of using Istio Policy AND GKE Network Policy?
Asked by ellefc (151 views)
1 answer
Istio Policy and GKE Network Policy don't work at the same level.
So, it could make sense to use both if all your traffic isn't managed by Istio (if you don't use only the HTTPS protocol). If not, you will open port 443 for all the pods, and it's clearly useless.
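
The two levels the answer refers to, shown side by side as an added example that is not part of the original answer: a Kubernetes NetworkPolicy restricting non-HTTP traffic at L3/L4, and an Istio AuthorizationPolicy restricting HTTP requests at L7. The `shop` namespace, the `app` labels, the ports, the path and the `frontend` service account are assumptions made for illustration.

```yaml
# Constructed example: namespace, labels, ports and identities are hypothetical.
# Level 1 (L3/L4): enforced by the cluster's network plugin, so GKE network
# policy enforcement must be enabled. It applies to any protocol and to pods
# with or without an Istio sidecar. Here: only "orders" pods may open TCP
# connections to the PostgreSQL port of the database pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: orders-db-allow-orders
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: orders-db
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: orders
      ports:
        - protocol: TCP
          port: 5432
---
# Level 2 (L7): enforced by the Envoy sidecar of the "orders" workload.
# It can match on caller identity, HTTP method and path, which a
# NetworkPolicy cannot express. Matching on principals requires mutual TLS
# between the workloads.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/shop/sa/frontend"]
      to:
        - operation:
            methods: ["GET"]
            paths: ["/orders/*"]
```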