<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Zero-Trust on Brave New Geek</title><link>https://bravenewgeek.com/tag/zero-trust/</link><description>Recent content in Zero-Trust on Brave New Geek</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Wed, 24 Jun 2020 11:31:44 -0500</lastBuildDate><atom:link href="https://bravenewgeek.com/tag/zero-trust/index.xml" rel="self" type="application/rss+xml"/><item><title>Using Google-Managed Certificates and Identity-Aware Proxy With GKE</title><link>https://bravenewgeek.com/using-google-managed-certificates-and-identity-aware-proxy-with-gke/</link><pubDate>Wed, 24 Jun 2020 11:31:44 -0500</pubDate><guid>https://bravenewgeek.com/using-google-managed-certificates-and-identity-aware-proxy-with-gke/</guid><description>&lt;p&gt;Ingress on Google Kubernetes Engine (GKE) uses a Google Cloud Load Balancer (GCLB). GCLB provides a single anycast IP that fronts all of your backend compute instances along with a lot of other &lt;a href="https://cloud.google.com/load-balancing"&gt;rich features&lt;/a&gt;. In order to create a GCLB that uses HTTPS, an SSL certificate needs to be associated with the ingress resource. This certificate can either be &lt;a href="https://cloud.google.com/load-balancing/docs/ssl-certificates/self-managed-certs"&gt;self-managed&lt;/a&gt; or &lt;a href="https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs"&gt;Google-managed&lt;/a&gt;. The benefit of using a Google-managed certificate is that they are provisioned, renewed, and managed for your domain names by Google. These managed certificates can also be configured directly with GKE, meaning we can configure our certificates the same way we declaratively configure our other Kubernetes resources such as deployments, services, and ingresses.&lt;/p&gt;</description></item><item><title>Zero-Trust Security on GCP With Context-Aware Access</title><link>https://bravenewgeek.com/zero-trust-security-on-gcp-with-context-aware-access/</link><pubDate>Mon, 22 Jun 2020 14:54:15 -0500</pubDate><guid>https://bravenewgeek.com/zero-trust-security-on-gcp-with-context-aware-access/</guid><description>&lt;p&gt;A lot of our clients at Real Kinetic leverage &lt;a href="https://blog.realkinetic.com/serverless-on-gcp-183fd811a706"&gt;serverless on GCP&lt;/a&gt; to quickly build applications with minimal operations overhead. Serverless is one of the things that truly &lt;a href="https://blog.realkinetic.com/gcp-and-aws-whats-the-difference-3b1329f0ffb3"&gt;differentiates GCP&lt;/a&gt; from other cloud providers, and &lt;a href="https://blog.realkinetic.com/why-google-app-engine-9c3d2f75dd02"&gt;App Engine&lt;/a&gt; is a big component of this. Many of these companies come from an on-prem world and, as a result, tend to favor perimeter-based security models. They rely heavily on things like IP and network restrictions, VPNs, corporate intranets, and so forth. Unfortunately, this type of security model doesn’t always fit nicely with serverless due to the elastic and dynamic nature of serverless systems.&lt;/p&gt;</description></item></channel></rss>