Kubernetes 1.4 Bolsters SDN Security In Weaveworks' Weave Net 1.7

Since software-defined networking (SDN) is in the rise, it's not surprising to see more products emerge to help companies try to make an easier foray into SDN operations, and attempt to distinguish themselves from the other products in the field. Weaveworks' Weave Net system is one fairly major entry in the SDN field, and recently, it added on a little extra of its own, bolstering the security of its operations by adding Kubernetes' recently-released version 1.4 release.

Kubernetes is known for its orchestration and container management systems, all available to users on an open-source basis. It's able to comfortably manage multiple containers, and with the version 1.4 release, adds a new slate of control options as well. With Kubernetes 1.4 added to Weave Net 1.7, users can add those security policies to normal operations by treating these the same way firewall rules would be treated in the system.

Those already using Weave Net, meanwhile, will be happy to note that the isolation involved is subnet-based, which means the containers involved in the exchange could be established in network subnets, effectively isolating these systems. While those adding Kubernetes 1.4 to the system will need to include more definition, that definition will also, reports note, offer more control over access and container networking options.

Without a system like Kubernetes in place, many would have turned to directory systems like OpenLDAP to define security policy. As explained by Kubernetes' COO Mathew Lodge, Kubernetes allows users to bring “...the application and the infrastructure closer together.” Lodge also offered up further comment around the release, saying “In Weave Net 1.7, we have now provided integration with Kubernetes security policies. So you can now have fine-grained security controls with Weave Net, specifying policies in Kubernetes and having it all automatically applied by Weave Net.”

What really matters here is that companies are taking security seriously. While SDN offers some great opportunities to reduce dependence on hardware and operating costs, it can also provide new potential failure points for security. SDN actually includes the means to better protect a system from outside threat even as it opens up new potential attack vectors, thanks to a more granular approach to security, but it has to be acted upon to have any real impact. Tools like Kubernetes, meanwhile, can be even more helpful in driving better security for users, and the better the security is, the more likely users will be able to safely put SDN tools like Weave Net to work.

Weave Net was already pretty impressive, but the new connection to Kubernetes should make an already good thing even better. It's hard to pass up on that kind of improvement, and it should be taken seriously. SDN can be a valuable help to many different kinds of businesses, and developments like these make it a safer help as well.

Edited by Maurice Nagle