Module 14: Multi-Cluster & Multi-Cloud Security Slides

Slide walkthrough for Module 14 of Cloud Native Security Engineering: Securing Kubernetes, Workloads, APIs & Zero Trust Systems: Federation, cross-cloud...

This slide page is the visual review companion for the full course module. Use it to recap the architecture, examples, exercises, production warnings, and takeaways after reading the lesson.

Slide Outline

  1. Multi-Cluster & Multi-Cloud Security - Federation, cross-cloud identity, hybrid infrastructure, and trust boundaries at scale
  2. Learning Objectives - 4 outcomes for this module
  3. Why This Module Matters - Most production environments span multiple clusters, clouds, or data centers. Multi-cluster security is not an advanced
  4. Trust Domain Design - Lesson section from the full module
  5. Cross-Cloud Identity - Lesson section from the full module
  6. Hybrid Infrastructure - Lesson section from the full module
  7. Trust Boundaries - Lesson section from the full module
  8. Real-World Use Cases - Multi-cluster identity for global deployments, Cross-cloud trust between AWS and GCP
  9. Common Mistakes to Avoid - 4 mistakes covered
  10. Hands-On Labs - 1 hands-on lab
  11. Key Takeaways - 5 points to remember

Learning Objectives

  • Design trust boundaries for multi-cluster deployments
  • Implement SPIFFE federation across clusters and clouds
  • Secure hybrid infrastructure (Kubernetes + VMs)
  • Plan cross-cloud identity portability

Why This Module Matters

Most production environments span multiple clusters, clouds, or data centers. Multi-cluster security is not an advanced topic — it is the reality of modern infrastructure. This module teaches you to design trust boundaries and implement federation for real-world deployments.

Common Mistakes

  • Using one trust domain for everything (no blast radius isolation)
  • Not planning trust domain names before deployment (hard to rename)
  • Federating without understanding the security implications (full trust of remote domain)
  • Different security policies across clusters without coordination

Key Takeaways

  • Each cluster/cloud gets its own trust domain — federate to enable cross-domain trust
  • SPIFFE identity is cloud-agnostic — works across AWS, GCP, Azure, and on-prem
  • Trust boundaries should align with organizational boundaries
  • Federation is explicit — you choose which domains to trust
  • Hybrid identity (K8s + VMs) works with different attestation plugins in the same domain
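
An added example, not taken from the course or from SPIRE: federating with a remote trust domain makes every identity in that domain authenticable, so the receiving workload still has to authorize specific SPIFFE IDs. The trust domain names, paths and function names are constructed for illustration, and the code assumes the peer's SVID has already been verified against the trust bundle for its trust domain.

```python
import re

# SPIFFE ID grammar: lowercase trust domain, non-empty path segments,
# no trailing slash, no "." or ".." segments, at most 2048 bytes.
_TRUST_DOMAIN = re.compile(r"[a-z0-9._-]{1,255}")
_SEGMENT = re.compile(r"[A-Za-z0-9._-]+")

def parse_spiffe_id(uri):
    """Return (trust_domain, path); raise ValueError on a malformed ID."""
    if len(uri.encode()) > 2048 or not uri.startswith("spiffe://"):
        raise ValueError("not a SPIFFE ID")
    domain, slash, path = uri[len("spiffe://"):].partition("/")
    if not _TRUST_DOMAIN.fullmatch(domain):
        raise ValueError("invalid trust domain")
    if not slash:
        return domain, ""
    for seg in path.split("/"):
        if seg in (".", "..") or not _SEGMENT.fullmatch(seg):
            raise ValueError("invalid path segment")
    return domain, "/" + path

# Constructed values: domains whose bundles this workload holds.
FEDERATED_DOMAINS = {"cluster-a.example", "cluster-b.example"}

def authorize_domain_only(peer_id):
    """The mistake: any workload in a federated domain is accepted."""
    try:
        domain, _ = parse_spiffe_id(peer_id)
    except ValueError:
        return False
    return domain in FEDERATED_DOMAINS

# Constructed allow list: exact identities permitted per trust domain.
ALLOWED_IDS = {
    "cluster-a.example": {"/ns/shop/sa/frontend"},
    "cluster-b.example": {"/ns/payments/sa/api"},
}

def authorize_exact(peer_id):
    """Accept only identities listed for their own trust domain."""
    try:
        domain, path = parse_spiffe_id(peer_id)
    except ValueError:
        return False
    return path in ALLOWED_IDS.get(domain, set())
```

Exact matching is used instead of path prefixes so that an unexpected workload under a similar path in the remote domain is not accepted by accident.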

Hands-On Labs

  1. Federated Trust Across Two Clusters

    Deploy SPIRE on two clusters and federate them.

    45 min - Advanced

    • Create two Kind clusters
    • Deploy SPIRE on each with different trust domains
    • Exchange trust bundles
    • Deploy services and verify cross-cluster mTLS

