Open Source Summit Europe 2024

This talk delves into the transformative combination of WireGuard and Calico for enhancing network security in Kubernetes clusters. Despite the ubiquity of Kubernetes in microservice orchestration, securing the inter-node traffic often presents a significant challenge. We will first discuss the security risks associated with the non-encryption of inter-node traffic, such as data interception and potential injection of malicious payloads. It underscores the critical importance of implementing traffic encryption within Kubernetes clusters to thwart these threats. We examine WireGuard and ProjectCalico using its eBPF dataplane for securing traffic. The talk navigates the potential constraints, including the requirement for kernel support, the complexity of multi-cluster setups, and the compatibility issues across different environments.