Overview NodePortLocal is a feature of the Antrea Agent through which a backend Pod can be reached from the external network using a port of the Node on which the Pod is running. By default, Kubernetes offers the NodePort service to expose Pod traffic to external networks; however, using the NodePort service, Kubernetes will […]
Overview In part two of this blog post, we will be using NSX DFW to micro-segment a containerised application running inside an OpenShift cluster based on OKD 4.12, which we previously integrated with NSX using VMware Antrea in part one of this blog post. This is going to be a fairly short post since most of […]
Overview VMware Antrea and NSX extend advanced data centre networking and security capabilities to containerised workloads and offer a single pane of glass for organisations, so that security admins can configure micro-segmentation policy rules for both containers and standard workloads (VMs and bare metal) from the same NSX UI. VMware Antrea and NSX integration is […]
Overview This is part two of the blog series I started to cover the most recent security features introduced in VMware Antrea 1.6.0 (based on project Antrea 1.9.0) and NSX 4.1. I find this release of VMware Antrea and NSX has elevated container security in the enterprise to a higher level by introducing the ability to […]
Overview Last year, I wrote a blog post series covering container networking and security using VMware Antrea and NSX-T 3.2. It was the highlight of my blogging work last year, and I have received much positive feedback on that topic. Since then, I have been active in tracing new features that VMware Antrea keeps […]
Overview During a recent incident I accidentally deleted a Tanzu Kubernetes Cluster which had Antrea CNI integrated with NSX. To my surprise, there was no way for NSX to identify that this cluster was not present anymore, and all the cluster inventory information (nodes, namespaces, pods, etc.) was still visible in the NSX Manager UI under […]
Overview Antrea CNI offers a very handy feature called NodePortLocal, which runs as part of the Antrea agents. This feature allows an exposed Pod to be accessed from an external network using specific ports opened only on the node on which that Pod is running. This enables better integration with external load balancers, which can take advantage […]
Overview In this blog post, which is the last in a series of posts discussing VMware Antrea IDS configuration and visibility, I am going to configure VMware Aria Operations for Logs (formerly known as vRealize Log Insight) to ingest and display VMware Antrea logs, including IDS events captured by the Antrea IDS Suricata engine. VMware Aria Operations for […]
Overview In my previous blog post HERE I deployed VMware Antrea IDS and demonstrated how VMware IDS can secure pods running Antrea as CNI against malicious attacks, and although the feature is in tech preview it is very promising to see that VMware is committed to the vision of bringing Tanzu/Kubernetes security as an integral […]
Overview With the release of NSX 4.0.0.1 and VMware Antrea 1.5.0 came a very interesting announcement that you can now secure Antrea containers integrated with NSX using NSX IDPS, i.e. leveraging threat prevention signatures and capabilities to secure your containerised workloads. This feature is, however, tech preview only at the moment, which means it is not […]