by PLG88 1556 days ago
Also, have you considered embedding open source OpenZiti? It would put a zero trust dataplane into the platform so that applications could be deployed anywhere and only require outbound internet. No DNS, no VPNs, no complex FWs or rules, no network engineering skills needed. https://openziti.github.io/ziti/overview.html

The team have already 'zitified' Kubectl, Helm, Prometheus, SSH and more.

1 comments

That's a really cool suggestion. We'll look into that for sure. We're trying to integrate Cilium as much as possible currently, esp for its zero trust networking in the dataplane, but adding more control plane security as well would be a great add.

Makes sense. Ziti could still be used on the dataplane to provide higher security on top of Cilium.

Could be worth having a chat with the team from Ziti, I know they are always interested to chat on things they can zitify - e.g., https://ziti.dev/blog/kubernetes/ https://github.com/openziti-test-kitchen

They hang out here - https://openziti.discourse.group/

Definitely, thanks for the suggestion. We'll look into where we can work with them for sure. A nice zero trust networking solution is definitely on the list of priorities.