Deploying a Spring Application on K8s has become increasingly straightforward with new features in Spring Boot, such as OCI image building and micrometer metric exporting. Something that is not quite as clear is how to bulletproof a Spring Application running in a production K8s cluster.
There seems to be a gap in documentation and official guidelines on this topic. And even if there is, different teams may have different business needs and organizational challenges regarding security. What can developers do today to ensure their Spring apps are secure when running on K8s? There are no right or wrong answers.
In this solution-driven presentation, we’ll demonstrate some of the recommended patterns for microservice security, including; mTLS, HTTP authorization, and secure observability and actuators. We hope you’ll leave with a toolbox to assemble your own solution.