Zero Trust in EKS: Securing Workload Communication the Modern Way

As cloud-native architectures scale, the traditional network perimeter no longer exists. Kubernetes clusters on AWS — whether single or multi-tenant — demand a new approach to security: Zero Trust. In this session, we’ll explore how to build a Zero Trust architecture inside Amazon EKS, focusing on workload identity, authentication, authorization, and encryption across services.

Zero Trust in GKE

A comprehensive deep dive into implementing Zero Trust security architecture on Google Kubernetes Engine (GKE), emphasizing a fundamental shift from traditional perimeter-based security to a model where trust is never assumed and every interaction must be explicitly verified. By centering the discussion on the core pillars of Zero Trust—verifying explicitly, enforcing least privilege, and assuming breach—the presentation demonstrated how to leverage Google Cloud-native tools such as Workload Identity for strong authentication, Binary Authorization for supply chain integrity, and mTLS for secure service-to-service communication. This approach ensures that security is deeply integrated into the infrastructure, providing a robust defense against modern threats by continuously validating every request and minimizing the potential impact of any security incident within the Kubernetes environment.

Presented at GDG DevFest 2025 Dhaka.