Securely Extend Kubernetes Networking to Include Virtual Machines
11-05, 15:45–16:15 (US/Central), ROOM 1

Cloud native extends beyond just Kubernetes, and it would be great if Kubernetes networking did as well. The new node-to-node encryption capability introduced in Cilium makes it possible for workloads external to a Kubernetes cluster, such as virtual machines, to participate as labeled entities in a transparently encrypted, Cilium-managed network alongside Kubernetes pods. Once configured as part of the secure clustermesh, the external virtual machines get not only the benefits of transparent encryption, but also Cilium-powered observability and access control via label-based network policy!

This talk will review how to set up a transparently encrypted Cilium clustermesh with support for external virtual machines, show how to observe these external workloads using Cilium Hubble, and provide examples of using Cilium network policy to secure access between these virtual machines and microservices running inside a Cilium-managed Kubernetes cluster.

Jef Spaleta has more than a decade of experience in the technology industry, working as a software engineer, open source contributor, and IoT hardware developer, in operations, and most recently as a community advocate at Isovalent.