Overview This is part two of a blog series I started to cover the most recent security features introduced in VMware Antrea 1.6.0 (based on project Antrea 1.9.0) and NSX 4.1. I find this release of VMware Antrea and NSX has elevated container security in the Enterprise to a higher level by introducing the ability to […]
Overview Last year, I wrote a blog post series covering container networking and security using VMware Antrea and NSX-T 3.2. It was the highlight of my blogging work last year, and I have received much positive feedback on that topic. Since then, I have been active in tracing new features that VMware Antrea keeps […]
Overview During a recent incident I accidentally deleted a Tanzu Kubernetes Cluster which had Antrea CNI integrated with NSX. To my surprise, there was no way for NSX to identify that this cluster was not present anymore, and all the cluster inventory information (nodes, namespaces, pods, etc.) was still visible in the NSX Manager UI under […]
Overview Antrea CNI offers a very handy feature called NodePortLocal, which runs as part of the Antrea agents. This feature allows an exposed Pod to be accessed from an external network using specific ports opened only on the node on which that Pod is running. This enables better integration with external Load Balancers which can take advantage […]
Overview In this blog post, which is the last in a series of posts discussing VMware Antrea IDS configuration and visibility, I am going to configure VMware Aria Operations for Logs (formerly known as vRealize Log Insight) to ingest and display VMware Antrea logs, including IDS events captured by the Antrea IDS Suricata engine. VMware Aria Operations for […]
Overview In my previous blog post HERE I deployed VMware Antrea IDS and demonstrated how VMware IDS can secure pods running Antrea as CNI against malicious attacks. Although the feature is in tech preview, it is very promising to see that VMware is committed to the vision of bringing Tanzu/Kubernetes security as an integral […]
Overview With the release of NSX 4.0.0.1 and VMware Antrea 1.5.0 came a very interesting announcement: you can now secure Antrea containers integrated with NSX using NSX IDPS, i.e. leveraging threat prevention signatures and capabilities to secure your containerised workloads. This feature is, however, tech preview only at the moment, which means it is not […]
In this blog post we will be exploring how vRealize Network Insight can be used for Day0 and Day2 Kubernetes operations. Using Network Insight we can gain insights into container traffic, security requirements, utilisation and capacity planning. Lab Inventory For software versions I used the following: VMware ESXi 7.0.2.17867351 vCenter server version 7.0U3 NSX-T 3.2.0.1 […]
In part two of this blog post series, we will be integrating our Kubernetes cluster, which is running Antrea as CNI, with NSX and will be using NSX to configure centralised security policies for container workloads running on our Kubernetes cluster. Lab Inventory For software versions I used the following: VMware ESXi 7.0.2.17867351 vCenter server […]
Overview In this two-part blog post I am going to demonstrate how to set up Kubernetes clusters using VMware Antrea CNI (Container Network Interface) and using NSX 3.2.x as a centralised security policy manager for pod workloads running on a Kubernetes cluster. In part one, I am going to introduce the fundamentals of Kubernetes and Kubernetes […]