[{"data":1,"prerenderedAt":635},["ShallowReactive",2],{"collection-blogs-636675344":3,"_apollo:default":634},{"data":4,"meta":631},[5],{"id":6,"title":7,"excerpt":8,"slug":9,"createdAt":10,"updatedAt":11,"publishedAt":12,"backDate":13,"documentId":14,"imageUrl":15,"expertises":61,"author":434,"blocks":460,"seo":567},689,"Zero trust-microservices in Kubernetes met Istio: van theorie naar een werkende mTLS-setup","Zero-trust is een term die je tegenwoordig overal tegenkomt, maar in de praktijk blijft het vaak hangen bij goede intenties. Zeker in een Kubernetes-omgeving met microservices is het verrassend makkelijk om impliciet vertrouwen te laten ontstaan: services die elkaar blind vertrouwen, plaintextverkeer binnen het cluster en nauwelijks zicht op wie nou eigenlijk met wie praat.\n\nIn deze blog neem ik je mee in hoe je zero-trust concreet maakt binnen Kubernetes met Istio. Geen abstracte principes, maar een werkende setup waarin alle service-to-service communicatie standaard versleuteld is met mTLS en waarbij je expliciet bepaalt wie met wie mag praten.","zero-trust-microservices-in-kubernetes-met-istio-van-theorie-naar-een-werkende-m-tls-setup","2026-04-28T09:03:22.405Z","2026-04-29T09:03:17.525Z","2026-04-29T09:03:18.205Z","2026-04-28","jrjtfzecsuos2eq3jqfvfxmi",{"id":16,"name":17,"alternativeText":18,"caption":18,"width":19,"height":20,"formats":21,"hash":55,"ext":23,"mime":26,"size":56,"url":57,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":59,"updatedAt":59,"documentId":60,"publishedAt":59},1440,"Afb Hero Blog Zero trust in Kubernetes.png",null,1280,500,{"large":22,"small":32,"medium":39,"thumbnail":47},{"ext":23,"url":24,"hash":25,"mime":26,"name":27,"path":18,"size":28,"width":29,"height":30,"sizeInBytes":31},".png","https://incredible-beef-2a6059b946.media.strapiapp.com/large_Afb_Hero_Blog_Zero_trust_in_Kubernetes_0992f3be22.png","large_Afb_Hero_Blog_Zero_trust_in_Kubernetes_0992f3be22","image/png","large_Afb Hero Blog Zero trust in Kubernetes.png",733.01,1000,391,733014,{"ext":23,"url":33,"hash":34,"mime":26,"name":35,"path":18,"size":36,"width":20,"height":37,"sizeInBytes":38},"https://incredible-beef-2a6059b946.media.strapiapp.com/small_Afb_Hero_Blog_Zero_trust_in_Kubernetes_0992f3be22.png","small_Afb_Hero_Blog_Zero_trust_in_Kubernetes_0992f3be22","small_Afb Hero Blog Zero trust in Kubernetes.png",196.6,195,196601,{"ext":23,"url":40,"hash":41,"mime":26,"name":42,"path":18,"size":43,"width":44,"height":45,"sizeInBytes":46},"https://incredible-beef-2a6059b946.media.strapiapp.com/medium_Afb_Hero_Blog_Zero_trust_in_Kubernetes_0992f3be22.png","medium_Afb_Hero_Blog_Zero_trust_in_Kubernetes_0992f3be22","medium_Afb Hero Blog Zero trust in Kubernetes.png",422.47,750,293,422467,{"ext":23,"url":48,"hash":49,"mime":26,"name":50,"path":18,"size":51,"width":52,"height":53,"sizeInBytes":54},"https://incredible-beef-2a6059b946.media.strapiapp.com/thumbnail_Afb_Hero_Blog_Zero_trust_in_Kubernetes_0992f3be22.png","thumbnail_Afb_Hero_Blog_Zero_trust_in_Kubernetes_0992f3be22","thumbnail_Afb Hero Blog Zero trust in Kubernetes.png",54.64,245,96,54636,"Afb_Hero_Blog_Zero_trust_in_Kubernetes_0992f3be22",228.96,"https://incredible-beef-2a6059b946.media.strapiapp.com/Afb_Hero_Blog_Zero_trust_in_Kubernetes_0992f3be22.png","strapi-provider-upload-strapi-cloud","2026-04-28T09:22:55.509Z","wx1bkd1rfhfmwu0ddz8kczdi",[62],{"id":63,"title":64,"subTitle":65,"description":66,"shortDescription":67,"slug":68,"createdAt":69,"updatedAt":70,"publishedAt":71,"isCoreExpertise":72,"documentId":73,"image":74,"blocks":93,"midPageBlocks":287,"seo":429},10,"Development","Maatwerkoplossingen voor ieder vraagstuk","Ons Development-team biedt oplossingen die de verwachtingen van onze opdrachtgevers overtreffen. Wij zijn experts op het gebied van alle aspecten van Development, wat ons in staat stelt om veelzijdige en schaalbare oplossingen te creëren. Van gebruiksvriendelijke interfaces tot krachtige Back-End-architecturen: wij hebben de kennis en ervaring om jouw project tot een succes te maken.","Ons Development-team biedt oplossingen die de verwachtingen van onze opdrachtgevers overtreffen. Wij zijn experts op het gebied van alle aspecten van Development, wat ons in staat stelt om veelzijdige en schaalbare oplossingen te creëren. ","development","2024-12-13T12:15:40.484Z","2025-04-11T13:13:55.384Z","2024-12-13T12:15:42.976Z",true,"lpzfadokpxn5sdnx9czcdg47",{"id":75,"name":76,"alternativeText":18,"caption":18,"width":77,"height":78,"formats":79,"hash":86,"ext":23,"mime":26,"size":87,"url":88,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":89,"updatedAt":90,"documentId":91,"publishedAt":92},950,"Logo Development 2025 web.png",282,130,{"thumbnail":80},{"ext":23,"url":81,"hash":82,"mime":26,"name":83,"path":18,"size":84,"width":52,"height":85},"https://incredible-beef-2a6059b946.media.strapiapp.com/thumbnail_Logo_Development_2025_web_d7711df072.png","thumbnail_Logo_Development_2025_web_d7711df072","thumbnail_Logo Development 2025 web.png",8.58,113,"Logo_Development_2025_web_d7711df072",2,"https://incredible-beef-2a6059b946.media.strapiapp.com/Logo_Development_2025_web_d7711df072.png","2024-12-17T15:02:47.479Z","2024-12-19T08:35:22.054Z","okwfs117fps338v5fj5dnrpb","2026-01-05T12:38:34.018Z",[94,264],{"__component":95,"id":96,"title":97,"aside":18,"postType":98,"limit":99,"expertise":100},"strapi.related-kennisbank-list",179,"Lees meer over Development","alle",3,[101,161,215],{"id":63,"title":64,"subTitle":65,"description":66,"shortDescription":67,"slug":68,"createdAt":69,"updatedAt":70,"publishedAt":71,"isCoreExpertise":72,"documentId":73,"image":102,"blocks":105,"midPageBlocks":116,"seo":144},{"id":75,"name":76,"alternativeText":18,"caption":18,"width":77,"height":78,"formats":103,"hash":86,"ext":23,"mime":26,"size":87,"url":88,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":89,"updatedAt":90,"documentId":91,"publishedAt":92},{"thumbnail":104},{"ext":23,"url":81,"hash":82,"mime":26,"name":83,"path":18,"size":84,"width":52,"height":85},[106,107],{"__component":95,"id":96,"title":97,"aside":18,"postType":98,"limit":99},{"__component":108,"id":109,"titleLeft":110,"callToActionTextLeft":111,"callToActionLinkUrlLeft":112,"titleRight":113,"callToActionTextRight":114,"callToActionLinkUrlRight":115},"call-to-action.double",251,"Heb je een Developer nodig?","Neem contact met ons op","/contact","Zoek je een nieuwe baan?","Bekijk onze vacatures","/word-onze-collega/vacatures",[117,124,129,133,138],{"__component":118,"id":119,"title":120,"subTitle":18,"content":121,"callToActionText":18,"callToActionLink":18,"colorStyle":122,"showAsides":123},"global.alternating-page-section",47,"Optimale gebruikerservaring","Een goede Front-End is meer dan alleen een aantrekkelijke interface; het vormt de schakel tussen technologie en eindgebruiker. Onze Developers combineren hun kennis van frameworks zoals React, Angular en Vue met ervaring in geavanceerde technologieën zoals GraphQL en CI/CD pipelines. Dit stelt ons in staat om interactieve, intuïtieve en betrouwbare applicaties te ontwikkelen die voldoen aan de hoogste standaarden.\n\nWij werken nauw samen met UX-designers om via design patterns en design tokens een naadloze integratie van ontwerp naar functionaliteit te realiseren. Dankzij regelmatige LevelUp-sessies, interne projecten en kennisdeling blijven onze Front-End specialisten altijd up-to-date.","Sugar Glaze",false,{"__component":118,"id":125,"title":126,"subTitle":18,"content":127,"callToActionText":18,"callToActionLink":18,"colorStyle":128,"showAsides":123},49,"Betrouwbaarheid en schaalbaarheid","Voor robuuste Back-End-oplossingen vertrouwen we op onze kennis van .NET. Of het nu gaat om het bouwen van nieuwe applicaties, het onderhouden van bestaande software of het implementeren van geavanceerde authenticatie- en autorisatiesystemen: ons team levert maatwerk dat aansluit bij de specifieke wensen en behoeften van jouw organisatie.\n\nHierbij maken we onder andere gebruik van onze kennis van Azure-services zoals Function Apps, Service Bus en App Services, maar ook tools als Docker en Kubernetes om veilige, schaalbare oplossingen te realiseren.\n\nOnze focus op grondige tests – van unit tests tot integratietests – garandeert stabiliteit en betrouwbaarheid.","White",{"__component":118,"id":130,"title":131,"subTitle":18,"content":132,"callToActionText":18,"callToActionLink":18,"colorStyle":122,"showAsides":123},50,"Full-Stack mogelijkheden","Wat ons uniek maakt, is onze combinatie van Front-End en .NET-expertise. Onze Developers zijn niet alleen gespecialiseerd in het creëren van intuïtieve interfaces, maar beheersen ook de complexiteit van Back-End-architectuur en Azure-integraties. Dit maakt hen volwaardige Full-Stack Developers die moeiteloos schakelen tussen de verschillende onderdelen van jouw project.",{"__component":118,"id":134,"title":135,"subTitle":18,"content":136,"callToActionText":137,"callToActionLink":112,"colorStyle":128,"showAsides":123},48,"Samen naar succes","Onze aanpak is erop gericht om samen met jou het optimale resultaat te behalen. Door proactief mee te denken en onze kennis te delen, zorgen we ervoor dat jouw project voldoet aan de hoogste standaarden van gebruiksvriendelijkheid, betrouwbaarheid en veiligheid. Of het nu gaat om een tijdelijke versterking van je team of volledige projectondersteuning: ons Development-team staat voor je klaar.\n\nOntdek wat wij voor jouw project kunnen betekenen."," Neem contact met ons op voor meer informatie!",{"__component":139,"id":140,"title":141,"callToActionText":142,"callToActionLinkUrl":143,"body":18},"call-to-action.single",103,"Wil je weten wat onze collega’s allemaal kunnen?","Lees de klantcase over ons werk bij Rovict","https://www.sharevalue.nl/klantcases/rovict-vernieuwt-leerlingadministratie-en-leerlingvolgsysteem-esis",{"id":145,"metaTitle":146,"metaDescription":147,"structuredData":148},27,"Maatwerk software & integraties – ShareValue Development","Van webapps tot koppelingen: onze developers bouwen slimme oplossingen die passen bij jouw Microsoft-omgeving.",{"url":149,"@type":150,"@context":151,"provider":152,"areaServed":156,"description":159,"serviceType":160},"https://www.sharevalue.nl/wat-we-doen/development","Service","https://schema.org",{"url":153,"name":154,"@type":155},"https://www.sharevalue.nl","ShareValue","Organization",{"name":157,"@type":158},"Nederland","Country","Onze developers realiseren maatwerkoplossingen binnen Microsoft-omgevingen. Denk aan webapplicaties, API-integraties, extensies voor Microsoft 365 en koppelingen met externe systemen. Technisch sterk én begrijpelijk ingericht.","Maatwerk softwareontwikkeling en integraties",{"id":87,"title":162,"subTitle":163,"description":164,"shortDescription":165,"slug":166,"createdAt":167,"updatedAt":168,"publishedAt":169,"isCoreExpertise":123,"documentId":170,"image":171,"blocks":185,"midPageBlocks":193,"seo":18},"Front-End","Steeds complexer en steeds belangrijker","In een online wereld vol moderne webapplicaties is een goede Front-End onmisbaar. Het is nodig om aan de behoeften en verwachtingen van de gebruikers te voldoen. De interactie voor de gebruiker moet daarbij zo snel en optimaal mogelijk zijn. Met trots kunnen wij zeggen dat juist dáár de kracht van onze Front-End Developers zit.\n\nOnze ervaren Developers staan klaar om jouw team te versterken en te zorgen voor een optimale gebruikerservaring. Of je nu een tijdelijke aanvulling op je team nodig hebt of op zoek bent naar gespecialiseerde kennis voor een specifiek project, onze Front-End Developers zijn uitgerust om de uitdagingen van onze klanten aan te gaan en hun doelen te bereiken.","Onze Front-End developers zijn bedreven in diverse programmeertalen, frameworks en methodieken en daardoor breed inzetbaar.","front-end","2023-08-17T09:50:12.632Z","2024-12-13T12:15:57.609Z","2023-08-17T09:50:14.418Z","l6bdicvjcb7ue03zpciuc888",{"id":172,"name":173,"alternativeText":18,"caption":18,"width":77,"height":78,"formats":174,"hash":180,"ext":23,"mime":26,"size":181,"url":182,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":183,"updatedAt":183,"documentId":184,"publishedAt":92},15,"frontend.png",{"thumbnail":175},{"ext":23,"url":176,"hash":177,"mime":26,"name":178,"path":18,"size":179,"width":52,"height":85},"https://incredible-beef-2a6059b946.media.strapiapp.com/thumbnail_frontend_d8fa4dbfc1.png","thumbnail_frontend_d8fa4dbfc1","thumbnail_frontend.png",5.3,"frontend_d8fa4dbfc1",1.19,"https://incredible-beef-2a6059b946.media.strapiapp.com/frontend_d8fa4dbfc1.png","2023-08-17T09:47:56.273Z","gyo35xg1rnualaf1vog9edz8",[186,190],{"__component":95,"id":187,"title":188,"aside":189,"postType":98,"limit":99},161,"Lees meer over Front-End Development","Onze blogs",{"__component":108,"id":191,"titleLeft":192,"callToActionTextLeft":111,"callToActionLinkUrlLeft":112,"titleRight":113,"callToActionTextRight":114,"callToActionLinkUrlRight":115},210,"Heb je een Front-End Developer nodig?",[194,199,203,207,211],{"__component":118,"id":195,"title":196,"subTitle":18,"content":197,"callToActionText":198,"callToActionLink":112,"colorStyle":18,"showAsides":18},20,"Experts in verschillende frameworks","De huidige markt wordt al enige jaren gedomineerd door de drie grote Front-End frameworks: Angular, Vue en React. Voor elk framework hebben wij experts die altijd up-to-date blijven van de laatste ontwikkelingen. Hierdoor kunnen wij aan alle wensen voldoen. Het houdt de interactie binnen het team ook levendig; we sparren vaak en organiseren regelmatig LevelUp-sessies om elkaar op de hoogte te houden.","Neem contact op voor de mogelijkheden",{"__component":118,"id":200,"title":201,"subTitle":18,"content":202,"callToActionText":18,"callToActionLink":18,"colorStyle":18,"showAsides":18},22,"Meer dan HTML, CSS en Javascript","Over het algemeen bestaat een Front-End framework uit HTML, CSS en Javascript, maar als Front-End competence in een multidisciplinaire agile omgeving doen we steeds meer. Of het nu gaat om de integratie van middleware zoals GraphQL of het inrichten van een pipeline voor productie- en staging-omgevingen. Wij weten wat we ermee moeten doen. Onze experts zijn zeer bekwaam en ervaren in de samenwerking met UX-designers. Door het gebruik van design patterns en design tokens zorgen ze voor een naadloze integratie van ontwerp naar ontwikkeling.",{"__component":118,"id":204,"title":205,"subTitle":18,"content":206,"callToActionText":18,"callToActionLink":18,"colorStyle":18,"showAsides":18},21,"Kennis up-to-date","De Front-End Developers krijgen ruim de mogelijkheid om hun kennis up-to-date te houden door trainingen te volgen en evenementen te bezoeken. Maar wat is leerzamer dan de opgedane kennis in de praktijk brengen? Daarvoor hebben we binnen ShareValue een aantal interne projecten lopen zoals de herbouw van onze website met Nuxt met een Strapi CMS, en de ontwikkeling van een eigen CV-generator met Angular. De kennis die onze experts opdoen, delen zij regelmatig in blogs.",{"__component":118,"id":208,"title":209,"subTitle":18,"content":210,"callToActionText":18,"callToActionLink":18,"colorStyle":18,"showAsides":18},23,"Full-Stack Development","Onze Developers zijn niet alleen experts in Front-End technieken, maar ook getraind in .NET en Azure. Dit verbreedt hun vaardigheden en maakt hen volwaardige Full-Stack Developers. Wat natuurlijk niet wegneemt dat wij trots zijn op onze specialistische kennis als Front-End Developers. ",{"__component":139,"id":212,"title":213,"callToActionText":142,"callToActionLinkUrl":214,"body":18},100,"Wil je weten wat onze collega's allemaal kunnen?","/klantcases/rovict-vernieuwt-leerlingadministratie-en-leerlingvolgsysteem-esis",{"id":99,"title":216,"subTitle":65,"description":217,"shortDescription":218,"slug":219,"createdAt":220,"updatedAt":221,"publishedAt":222,"isCoreExpertise":123,"documentId":223,"image":224,"blocks":238,"midPageBlocks":246,"seo":18},"Microsoft .NET","Ons team van .NET-experts staat niet alleen klaar om onze klanten te ondersteunen bij diverse implementatie uitdagingen, maar we zijn ook gespecialiseerd in het testen van applicaties op verschillende niveaus, zoals unit tests, integratietests en acceptatietests. We streven naar uitmuntende testdekking om de stabiliteit en betrouwbaarheid van de applicaties te waarborgen.\n\nDaarnaast zijn we bedreven in het gebruik van verschillende Azure-services om schaalbare en veilige oplossingen te bieden aan onze klanten. Zo bieden we met Azure DevOps krachtige tools voor het beheren van de ontwikkeling, het automatiseren van tests en het geautomatiseerd uitrollen naar acceptatie- of productieomgevingen met CI/CD-pipelines.\n\nHet samenwerken met onze klanten staat centraal in ons werk, en we denken proactief mee om samen de meest optimale oplossingen te realiseren.","In de praktijk komen de .NET developers van ShareValue terecht in allerlei verschillende branches met uiteenlopende technische uitdagingen.","dotnet","2023-08-17T11:19:57.991Z","2024-12-13T12:16:04.480Z","2023-08-17T11:22:08.050Z","v9pl553hsjk98esvs5gzoso3",{"id":225,"name":226,"alternativeText":18,"caption":18,"width":77,"height":78,"formats":227,"hash":233,"ext":23,"mime":26,"size":234,"url":235,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":236,"updatedAt":236,"documentId":237,"publishedAt":92},17,"dotnet_logo.png",{"thumbnail":228},{"ext":23,"url":229,"hash":230,"mime":26,"name":231,"path":18,"size":232,"width":52,"height":85},"https://incredible-beef-2a6059b946.media.strapiapp.com/thumbnail_dotnet_logo_d38dbc3865.png","thumbnail_dotnet_logo_d38dbc3865","thumbnail_dotnet_logo.png",7.14,"dotnet_logo_d38dbc3865",2.93,"https://incredible-beef-2a6059b946.media.strapiapp.com/dotnet_logo_d38dbc3865.png","2023-08-17T09:47:56.313Z","nnimzsossci29qmi8z0texlp",[239,242],{"__component":95,"id":240,"title":241,"aside":18,"postType":98,"limit":99},167," Lees meer over .NET Development",{"__component":108,"id":243,"titleLeft":244,"callToActionTextLeft":111,"callToActionLinkUrlLeft":112,"titleRight":245,"callToActionTextRight":111,"callToActionLinkUrlRight":112},212,"Heb je een .NET expert nodig?","Weten welke expert op dit moment beschikbaar is?",[247,252,256,260],{"__component":118,"id":248,"title":249,"subTitle":18,"content":250,"callToActionText":251,"callToActionLink":112,"colorStyle":18,"showAsides":18},36,"Bouwen en testen","Onze .NET-experts kunnen uiteraard goede en betrouwbare applicaties ontwikkelen met de laatste .NET-versies. Ook zijn onze collega’s ervaren in het onderhouden van oudere software. We kunnen je helpen met het upgraden en uitbreiden van je applicatie zodat deze aan de laatste wensen en eisen voldoet. Het uitvoeren van uitgebreide unit- en integratietests om de stabiliteit van applicaties te waarborgen, wordt meegenomen als standaard onderdeel van het werk. Met een focus op grondige testdekking streven we ernaar om eventuele bugs vroegtijdig op te sporen en op te lossen, waardoor de algehele kwaliteit van jouw product wordt verbeterd.  \n\nVan Blazor Front-End of REST API’s tot database communicatie, onze .NET-experts hebben er ruime ervaring mee.","Weten wat onze experts voor jou kunnen doen?",{"__component":118,"id":253,"title":254,"subTitle":18,"content":255,"callToActionText":18,"callToActionLink":18,"colorStyle":18,"showAsides":18},37,"Combineren met Azure","Wil je profiteren van Azure-services voor jouw project? Ons team van experts kan je helpen met het selecteren en opzetten van de juiste services. Of je gebruik wil maken van App services, Function Apps, storage of database oplossingen of bijvoorbeeld een Service Bus, onze experts kunnen je helpen bij het kiezen en het realiseren van stabiele, schaalbare en veilige oplossingen die voldoen aan jouw specifieke behoeften.",{"__component":118,"id":257,"title":258,"subTitle":18,"content":259,"callToActionText":18,"callToActionLink":18,"colorStyle":18,"showAsides":18},35,"Houd het veilig!","Om de toegang tot je producten veilig te houden, kan ons team van .NET-experts je helpen bij het opzetten en onderhouden van authenticatie en autorisatie. Onze experts zijn ervaren in het opzetten de juiste entra diensten zodat de toegang tot zowel Front-End als Back-End of deamon-processen op een juiste manier afgehandeld wordt. Ook kunnen we je helpen met het opzetten van verschillende groepen, rechten en rollen, en deze op de juiste manier toepassen binnen de applicatie zodat onterechte toegang op functieniveau geregeld kan worden. Bij het opzetten en implementeren wordt er rekening gehouden met het reduceren van de administratieve overhead zonder concessies te doen aan de beveiliging.",{"__component":139,"id":261,"title":213,"callToActionText":262,"callToActionLinkUrl":263,"body":18},46,"Lees de klantcase over ons werk bij KPN","/klantcases/de-continue-bereikbaarheid-van-een-alarmcentrale",{"__component":108,"id":109,"titleLeft":110,"callToActionTextLeft":111,"callToActionLinkUrlLeft":112,"titleRight":113,"callToActionTextRight":114,"callToActionLinkUrlRight":115,"iconUrlLeft":265,"iconUrlRight":278},{"id":266,"name":267,"alternativeText":18,"caption":18,"width":268,"height":269,"formats":18,"hash":270,"ext":271,"mime":272,"size":273,"url":274,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":275,"updatedAt":276,"documentId":277,"publishedAt":92},7,"people.svg",83,60,"people_6bb632d0d7",".svg","image/svg+xml",1.47,"https://incredible-beef-2a6059b946.media.strapiapp.com/people_6bb632d0d7.svg","2023-08-17T08:31:37.039Z","2024-09-13T08:11:42.408Z","iyvqylwtkx5qokq2hk77ppgf",{"id":279,"name":280,"alternativeText":18,"caption":18,"width":125,"height":269,"formats":18,"hash":281,"ext":271,"mime":272,"size":282,"url":283,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":284,"updatedAt":285,"documentId":286,"publishedAt":92},372,"magnifier.svg","magnifier_d084afba36",1.05,"https://incredible-beef-2a6059b946.media.strapiapp.com/magnifier_d084afba36.svg","2023-11-03T11:13:25.446Z","2026-05-12T12:19:53.518Z","e7czsfz9jg7oi93q44vomebz",[288,326,356,387,417],{"__component":118,"id":119,"title":120,"subTitle":18,"content":121,"callToActionText":18,"callToActionLink":18,"colorStyle":122,"showAsides":123,"imageUrl":289},{"id":290,"name":291,"alternativeText":18,"caption":18,"width":19,"height":292,"formats":293,"hash":321,"ext":295,"mime":298,"size":322,"url":323,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":324,"updatedAt":324,"documentId":325,"publishedAt":92},904,"development.jpg",850,{"large":294,"small":302,"medium":308,"thumbnail":314},{"ext":295,"url":296,"hash":297,"mime":298,"name":299,"path":18,"size":300,"width":29,"height":301},".jpg","https://incredible-beef-2a6059b946.media.strapiapp.com/large_development_6e5abdca44.jpg","large_development_6e5abdca44","image/jpeg","large_development.jpg",129.5,664,{"ext":295,"url":303,"hash":304,"mime":298,"name":305,"path":18,"size":306,"width":20,"height":307},"https://incredible-beef-2a6059b946.media.strapiapp.com/small_development_6e5abdca44.jpg","small_development_6e5abdca44","small_development.jpg",47.86,332,{"ext":295,"url":309,"hash":310,"mime":298,"name":311,"path":18,"size":312,"width":44,"height":313},"https://incredible-beef-2a6059b946.media.strapiapp.com/medium_development_6e5abdca44.jpg","medium_development_6e5abdca44","medium_development.jpg",86.06,498,{"ext":295,"url":315,"hash":316,"mime":298,"name":317,"path":18,"size":318,"width":319,"height":320},"https://incredible-beef-2a6059b946.media.strapiapp.com/thumbnail_development_6e5abdca44.jpg","thumbnail_development_6e5abdca44","thumbnail_development.jpg",14.65,235,156,"development_6e5abdca44",184.35,"https://incredible-beef-2a6059b946.media.strapiapp.com/development_6e5abdca44.jpg","2024-12-13T12:36:11.969Z","qqi9wubjpzs8w6daj98mtc7a",{"__component":118,"id":125,"title":126,"subTitle":18,"content":127,"callToActionText":18,"callToActionLink":18,"colorStyle":128,"showAsides":123,"imageUrl":327},{"id":328,"name":329,"alternativeText":18,"caption":18,"width":19,"height":292,"formats":330,"hash":351,"ext":295,"mime":298,"size":352,"url":353,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":354,"updatedAt":354,"documentId":355,"publishedAt":92},791,"service bus.jpg",{"large":331,"small":336,"medium":341,"thumbnail":346},{"ext":295,"url":332,"hash":333,"mime":298,"name":334,"path":18,"size":335,"width":29,"height":301},"https://incredible-beef-2a6059b946.media.strapiapp.com/large_service_bus_2b48e3a7cc.jpg","large_service_bus_2b48e3a7cc","large_service bus.jpg",82.82,{"ext":295,"url":337,"hash":338,"mime":298,"name":339,"path":18,"size":340,"width":20,"height":307},"https://incredible-beef-2a6059b946.media.strapiapp.com/small_service_bus_2b48e3a7cc.jpg","small_service_bus_2b48e3a7cc","small_service bus.jpg",29.35,{"ext":295,"url":342,"hash":343,"mime":298,"name":344,"path":18,"size":345,"width":44,"height":313},"https://incredible-beef-2a6059b946.media.strapiapp.com/medium_service_bus_2b48e3a7cc.jpg","medium_service_bus_2b48e3a7cc","medium_service bus.jpg",54.72,{"ext":295,"url":347,"hash":348,"mime":298,"name":349,"path":18,"size":350,"width":319,"height":320},"https://incredible-beef-2a6059b946.media.strapiapp.com/thumbnail_service_bus_2b48e3a7cc.jpg","thumbnail_service_bus_2b48e3a7cc","thumbnail_service bus.jpg",8.71,"service_bus_2b48e3a7cc",117.51,"https://incredible-beef-2a6059b946.media.strapiapp.com/service_bus_2b48e3a7cc.jpg","2024-08-09T08:35:35.231Z","rbpawsulv6vrsistrk2yupwg",{"__component":118,"id":130,"title":131,"subTitle":18,"content":132,"callToActionText":18,"callToActionLink":18,"colorStyle":122,"showAsides":123,"imageUrl":357},{"id":358,"name":359,"alternativeText":18,"caption":18,"width":19,"height":292,"formats":360,"hash":381,"ext":295,"mime":298,"size":382,"url":383,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":384,"updatedAt":385,"documentId":386,"publishedAt":92},778,"stack.jpg",{"large":361,"small":366,"medium":371,"thumbnail":376},{"ext":295,"url":362,"hash":363,"mime":298,"name":364,"path":18,"size":365,"width":29,"height":301},"https://incredible-beef-2a6059b946.media.strapiapp.com/large_stack_fec3a2bfae.jpg","large_stack_fec3a2bfae","large_stack.jpg",95.19,{"ext":295,"url":367,"hash":368,"mime":298,"name":369,"path":18,"size":370,"width":20,"height":307},"https://incredible-beef-2a6059b946.media.strapiapp.com/small_stack_fec3a2bfae.jpg","small_stack_fec3a2bfae","small_stack.jpg",29.21,{"ext":295,"url":372,"hash":373,"mime":298,"name":374,"path":18,"size":375,"width":44,"height":313},"https://incredible-beef-2a6059b946.media.strapiapp.com/medium_stack_fec3a2bfae.jpg","medium_stack_fec3a2bfae","medium_stack.jpg",58.57,{"ext":295,"url":377,"hash":378,"mime":298,"name":379,"path":18,"size":380,"width":319,"height":320},"https://incredible-beef-2a6059b946.media.strapiapp.com/thumbnail_stack_fec3a2bfae.jpg","thumbnail_stack_fec3a2bfae","thumbnail_stack.jpg",8.24,"stack_fec3a2bfae",143.32,"https://incredible-beef-2a6059b946.media.strapiapp.com/stack_fec3a2bfae.jpg","2024-08-08T08:26:50.506Z","2024-12-09T10:18:46.269Z","kpz9iiz9dr551k3umhmtwy3k",{"__component":118,"id":134,"title":135,"subTitle":18,"content":136,"callToActionText":137,"callToActionLink":112,"colorStyle":128,"showAsides":123,"imageUrl":388},{"id":389,"name":390,"alternativeText":18,"caption":18,"width":19,"height":292,"formats":391,"hash":412,"ext":295,"mime":298,"size":413,"url":414,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":415,"updatedAt":415,"documentId":416,"publishedAt":92},789,"teamwork.jpg",{"large":392,"small":397,"medium":402,"thumbnail":407},{"ext":295,"url":393,"hash":394,"mime":298,"name":395,"path":18,"size":396,"width":29,"height":301},"https://incredible-beef-2a6059b946.media.strapiapp.com/large_teamwork_8f4a7b0c14.jpg","large_teamwork_8f4a7b0c14","large_teamwork.jpg",80.4,{"ext":295,"url":398,"hash":399,"mime":298,"name":400,"path":18,"size":401,"width":20,"height":307},"https://incredible-beef-2a6059b946.media.strapiapp.com/small_teamwork_8f4a7b0c14.jpg","small_teamwork_8f4a7b0c14","small_teamwork.jpg",27.14,{"ext":295,"url":403,"hash":404,"mime":298,"name":405,"path":18,"size":406,"width":44,"height":313},"https://incredible-beef-2a6059b946.media.strapiapp.com/medium_teamwork_8f4a7b0c14.jpg","medium_teamwork_8f4a7b0c14","medium_teamwork.jpg",51.59,{"ext":295,"url":408,"hash":409,"mime":298,"name":410,"path":18,"size":411,"width":319,"height":320},"https://incredible-beef-2a6059b946.media.strapiapp.com/thumbnail_teamwork_8f4a7b0c14.jpg","thumbnail_teamwork_8f4a7b0c14","thumbnail_teamwork.jpg",8.11,"teamwork_8f4a7b0c14",116.53,"https://incredible-beef-2a6059b946.media.strapiapp.com/teamwork_8f4a7b0c14.jpg","2024-08-08T10:07:23.468Z","uo85gvimf7llsbaoahqw08m3",{"__component":139,"id":140,"title":141,"callToActionText":142,"callToActionLinkUrl":143,"body":18,"imageUrl":418},{"id":419,"name":420,"alternativeText":18,"caption":18,"width":421,"height":422,"formats":18,"hash":423,"ext":271,"mime":272,"size":424,"url":425,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":426,"updatedAt":427,"documentId":428,"publishedAt":92},6,"bulb.svg",71,70,"bulb_dd2e1d4efb",3.75,"https://incredible-beef-2a6059b946.media.strapiapp.com/bulb_dd2e1d4efb.svg","2023-08-17T08:31:37.036Z","2025-04-01T14:08:08.648Z","l2lglwkh4lf7ip36sjvs42rc",{"id":145,"metaTitle":146,"metaDescription":147,"structuredData":430,"metaImage":18,"metaSocial":433},{"url":149,"@type":150,"@context":151,"provider":431,"areaServed":432,"description":159,"serviceType":160},{"url":153,"name":154,"@type":155},{"name":157,"@type":158},[],{"id":435,"name":436,"jobTitle":437,"about":18,"createdAt":438,"updatedAt":439,"publishedAt":440,"documentId":441,"image":442,"contactOptions":459},93,"Addy","Developer","2024-02-02T09:32:41.187Z","2024-12-13T12:48:23.802Z","2024-02-02T09:33:24.687Z","y5qlgt46f557btuk3osooy3r",{"id":443,"name":444,"alternativeText":18,"caption":18,"width":445,"height":446,"formats":447,"hash":454,"ext":23,"mime":26,"size":455,"url":456,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":457,"updatedAt":457,"documentId":458,"publishedAt":92},510,"Addy websitefoto.png",278,326,{"thumbnail":448},{"ext":23,"url":449,"hash":450,"mime":26,"name":451,"path":18,"size":452,"width":453,"height":320},"https://incredible-beef-2a6059b946.media.strapiapp.com/thumbnail_Addy_websitefoto_2a4336ae82.png","thumbnail_Addy_websitefoto_2a4336ae82","thumbnail_Addy websitefoto.png",19.54,133,"Addy_websitefoto_2a4336ae82",22.83,"https://incredible-beef-2a6059b946.media.strapiapp.com/Addy_websitefoto_2a4336ae82.png","2024-02-02T11:30:19.292Z","yy1m6laq3rjunxfpjapwfm5b",[],[461,465,468,471,474,477,481,484,487,490,493,496,499,514],{"__component":462,"id":463,"title":18,"asideText":18,"underline":123,"centered":123,"blankAside":123,"aside":18,"content":464,"introductionText":18},"global.pagesection",4933,"## Doelstellingen\n\nHet doel is om al het netwerkverkeer tussen services via een TLS-verbinding te laten lopen waarbij de gebruikte certificaten kortdurend zijn en automatisch geüpdatet worden.\nDaarnaast mogen zowel de frontend-pod als backend-pod geen verbindingen zonder TLS meer accepteren.\n\n![Afb1 Blog Zero trust in Kubernetes.jpg](https://incredible-beef-2a6059b946.media.strapiapp.com/Afb1_Blog_Zero_trust_in_Kubernetes_887fdffb5a.jpg)",{"__component":462,"id":466,"title":18,"asideText":18,"underline":123,"centered":123,"blankAside":123,"aside":18,"content":467,"introductionText":18},4934,"## Zo leg je de basis voor zero-trust in Kubernetes\n\nEen zero-trust-setup begint niet met policies, maar met zicht en controle over je verkeer. In Kubernetes betekent dat in de praktijk dat je een service mesh nodig hebt.Voor dit blog heb ik Istio gekozen. Istio is een breed bekende service mesh met goede ondersteuning. Daarnaast hebben we nog een paar componenten nodig, HashiCorp Vault als PKI (Public Key Infrastructure) en een certificaatmanager. \nDe kubectl, Helm en HashiCorp Vault moeten lokaal geïnstalleerd zijn om de scripts uit te kunnen voeren. Uiteraard heb je toegang nodig tot een Kubernetes-cluster.",{"__component":462,"id":469,"title":18,"asideText":18,"underline":123,"centered":123,"blankAside":123,"aside":18,"content":470,"introductionText":18},4935,"## Zo installeer je Istio, Vault en cert-manager\n\nAls eerste gaan we Istio, Vault en cert-manager in het cluster installeren. Daarna gaan we deze op de juiste manier configureren zodat het geheel goed samenwerkt om de mTLS binnen het cluster te laten werken met kortdurende certificaten.\n\n### Istio\nIstio kan geïnstalleerd worden met het volgende script:\n\n```\n$version = \"1.29.1\"   # check latest version op istio.io\n$url = \"https://github.com/istio/istio/releases/download/$version/istio-$version-win.zip\"\nInvoke-WebRequest $url -OutFile \"istio.zip\"\nExpand-Archive istio.zip -DestinationPath .\n$istioPath = (Get-ChildItem -Directory | Where-Object { $_.Name -like \"istio-*\" }).FullName\n$env:PATH += \";$istioPath\\bin\"\n[Environment]::SetEnvironmentVariable(\"PATH\", $env:PATH + \";$istioPath\\bin\", [EnvironmentVariableTarget]::User)\n\nistioctl install --set profile=demo -y\n```\nLet op: we gebruiken hier het demoprofiel van Istio wat niet geschikt is voor productie. Dit profiel is wel geschikt om Istio te leren gebruiken. \n--set profile=default is wel geschikt als uitgangspunt voor productie.",{"__component":462,"id":472,"title":18,"asideText":18,"underline":123,"centered":123,"blankAside":123,"aside":18,"content":473,"introductionText":18},4936,"### HashiCorp Vault\n\nVoor de installatie van Vault nemen we een paar stappen:\n\nCreëren van een namespace:\n```\nkubectl create namespace vault\n```\n\nCreëren van een Vault-pod, voer het volgende script uit:\n```\n@\"\napiVersion: v1\nkind: Pod\nmetadata:\n  name: vault\n  namespace: vault\nspec:\n  containers:\n  - name: vault\n    image: hashicorp/vault:1.15\n    args:\n      - \"server\"\n      - \"-dev\"\n      - \"-dev-root-token-id=root\"\n    ports:\n      - containerPort: 8200\n\"@ | kubectl apply -f -\n```\n\nConfigureren van de Vault-PKI, voer onderstaande commando's uit (PowerShell):\n\nPort forward naar de vault pod:\n```\nkubectl port-forward -n vault pod/vault 8200:8200\n```\nZet de volgende environment variabelen:\n```\n$env:VAULT_ADDR=\"http://127.0.0.1:8200\"\n$env:VAULT_TOKEN=\"root\"\n```\nVoer de volgende commando's uit om de PKI te configureren:\n```\nvault secrets enable pki\nvault secrets tune -max-lease-ttl=8760h pki\n```\nCreëer een root certificate authority (CA) en genereer een self-signed root certificate:\n```\nvault write pki/root/generate/internal common_name=\"cluster.local\" ttl=8760h\n```\nCreëer een rol die het uitgeven van certificaten voor het domein \"svc.cluser.local\" en de subdomeinen toestaat, met een maximale TTL van 72 uur:\n```\nvault write pki/roles/istio-role allowed_domains=\"svc.cluster.local\" allow_subdomains=true max_ttl=\"72h\"\n```",{"__component":462,"id":475,"title":18,"asideText":18,"underline":123,"centered":123,"blankAside":123,"aside":18,"content":476,"introductionText":18},4937,"## Cert-manager\n\nDe installatie van cert-manager doen we direct vanuit de GitHub-repository. Voor productie is het uiteraard verstandig om een specifieke versie te gebruiken.\n\nInstalleer de cert-manager:\n\n```\nkubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml\n```\n\nControleer de installatie:\n\n```\nkubectl rollout status deployment/cert-manager -n cert-manager\n```\n\nNu gaan we de cert-manager aan Vault koppelen:\n\n```\nkubectl create secret generic vault-token --from-literal=token=root -n cert-manager\n```\n\nLet op: we hebben nu alles opgezet met ‘root’ als token, dit is puur voor demo doeleinden. Voor productie is een degelijk token nodig.\nWe gebruiken nu een ClusterIssuer om te zorgen dat cert-manager de certificaten kan uitgeven door het volgende script uit te voeren:\n\n```\n@\"\napiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\n  name: vault-issuer\nspec:\n  vault:\n    server: http://vault.vault.svc.cluster.local:8200\n    path: pki/sign/istio-role\n    auth:\n      tokenSecretRef:\n        name: vault-token\n        key: token\n\"@ | kubectl apply -f -\n```\n\nNa het uitvoeren van deze stappen hebben we de componenten klaarstaan om een namespace aan te maken waarbinnen TLS-verbindingen automatisch geregeld en afgedwongen worden.",{"__component":462,"id":478,"title":18,"asideText":18,"underline":123,"centered":123,"blankAside":123,"aside":479,"content":480,"introductionText":18},4938,"","## Zo dwing je mTLS af binnen de namespace\n\nNa het installeren van alle componenten kunnen we nu een namespace opzetten waarbinnen de mTLS geregeld en afgedwongen wordt. Door de namespace het label ’istio-injection=enabled’ te geven, wordt deze door de Istio-operator in de gaten gehouden. Wanneer er een nieuwe pod gecreëerd wordt, wordt deze direct voorzien van een initcontainer en een sidecar.\n\nDe init-container verzorgt het updaten van de iptables van de pod, waardoor inkomend- en uitgaand verkeer via de Istio-sidecarproxy gerouteerd wordt, waarna de Istio-sidecarproxy de certificaatafhandeling doet.\n\nVoer de volgende commando’s uit om een namespace te maken en het label te plaatsen, waardoor Istio de namespace zal monitoren:\n\n```\nkubectl create namespace demo\nkubectl label namespace demo istio-injection=enabled\n```\n\nNadat we dit gedaan hebben, zal Istio de init-container en de sidecar bij het creëren van een pod injecteren, maar deze pods zullen nog steeds connecties accepteren zonder TLS, aangezien we Istio nog niet verteld hebben hoe strict wij willen zijn. De default setting voor Istio is “Permissive”, wat inhoudt dat zowel plaintext als TLS-verkeer toegestaan is.\n\nVoer het volgende script uit om uitsluitend TLS-verkeer toe te laten, de Istio-strictmode:\n\n```\n@\"\napiVersion: security.istio.io/v1beta1\nkind: PeerAuthentication\nmetadata:\n  name: strict\n  namespace: demo\nspec:\n  mtls:\n    mode: STRICT\n\"@ | kubectl apply -f -\n```\n\nDe PeerAuthentication bepaalt wat voor binnenkomend verkeer er geaccepteerd wordt. Aangezien we van een frontend-pod naar een backend-pod binnen dezelfde namespace willen communiceren, moet het uitgaande verkeer dus ook aangepast worden.\n\nVoer het volgende script uit om het uitgaande verkeer ook van mTLS-versleuteling te voorzien:\n\n```\n@\"\napiVersion: networking.istio.io/v1beta1\nkind: DestinationRule\nmetadata:\n  name: default\n  namespace: demo\nspec:\n  host: \"*.demo.svc.cluster.local\"\n  trafficPolicy:\n    tls:\n      mode: ISTIO_MUTUAL\n\"@ | kubectl apply -f -\n```\n\nAl het verkeer naar hosts binnen de ‘demo’-namespace zal gebruikmaken van mTLS.\nVanaf dit moment wordt alle communicatie tussen de pods versleuteld.",{"__component":462,"id":482,"title":18,"asideText":18,"underline":123,"centered":123,"blankAside":123,"aside":18,"content":483,"introductionText":18},4939,"## Veelvoorkomende problemen en hoe je ze oplost\n\nEr zijn veel momenten waarop je tegen uitdagingen kunt aanlopen, en de meeste hebben te maken met het tijdstip waarop acties in gang worden gezet:\n- Pods die al draaien, krijgen geen sidecars geïnjecteerd.\n  - Voor deployments kan de rollout herstart worden: _kubectl rollout restart deployment \u003Cdeployment> -n \u003Cnamespace>_\n- De certificaten worden automatisch hernieuwd, maar wanneer je cluster niet actief is op het moment dat de deadline verloopt en het window gemist wordt, moet het geheel handmatig weer op gang gebracht worden. \n  - Istio moet herstart worden: _kubectl rollout restart deployment istiod -n istio-system_\n  - Alle pods moeten opnieuw uitgerold worden; zie hierboven.",{"__component":462,"id":485,"title":18,"asideText":18,"underline":123,"centered":123,"blankAside":123,"aside":18,"content":486,"introductionText":18},4940,"## Ingress-setup\nWe hebben nu het systeem zover dat alle communicatie binnen de namespace versleuteld is en dat niet-versleuteld verkeer geweerd wordt. Dit houdt in ons geval in dat als we een ingress configuratie opstellen voor het benaderen van de frontend het verkeer van de Ingress controller naar onze pod zonder aanpassingen niet mogelijk is. \n\nOm toch te zorgen dat de frontend app toch benaderd kan worden vanuit de Ingress, moeten we nog enkele configuraties toevoegen:\n\n**Een ‘AuthorizationPolicy’**\n\nDit is een Istio-policy die bepaalt wie een specifieke service mag benaderen. Voor deze policy zullen we het serviceaccount van de Istio-ingressgateway toestemming moeten geven om de service van onze frontend-pod te benaderen.\n\n```\n@\"\napiVersion: security.istio.io/v1beta1\nkind: AuthorizationPolicy\nmetadata:\n  name: allow-ingress\n  namespace: demo\nspec:\n  selector:\n    matchLabels:\n      app: frontendapp\n  rules:\n  - from:\n    - source:\n        principals:\n          - \"cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account\"\n\"@ | kubectl apply -f -\n\n```\nLet op: Na het aanpassen van de AuthorizationPolicy moet de Istio-gatewaydeployment herstart worden voordat de autorisaties toegepast worden. \n\n\n```\nkubectl rollout restart deployment istio-ingressgateway -n istio-system\n```\n\nDe Istio-ingress houdt rekening met de DestinationPolicy, waardoor deze nu ook het uitgaande verkeer voorziet van mTLS-versleuteling.\n\n**De Istio-‘Gateway’ en ‘VirtualService’**\n\nDit vertelt de Istio-ingress om een poort te openen (Gateway) en  vervolgens (VirtualService) verkeer door te sturen naar onze frontend-appservice:\n\n```\n@\"\napiVersion: networking.istio.io/v1beta1\nkind: Gateway\nmetadata:\n  name: frontendapp-gateway\n  namespace: demo\nspec:\n  selector:\n    istio: ingressgateway # use istio default controller\n  servers:\n  - port:\n      number: 80\n      name: http\n      protocol: HTTP\n    hosts:\n    - \"*\"\n\n---\n\napiVersion: networking.istio.io/v1beta1\nkind: VirtualService\nmetadata:\n  name: frontendapp\n  namespace: demo\nspec:\n  hosts:\n  - \"*\"\n  gateways:\n  - frontendapp-gateway\n  http:\n  - match:\n    - uri:\n        prefix: /\n    route:\n    - destination:\n        host: frontendapp.demo.svc.cluster.local\n        port:\n          number: 8000\n\n\"@ | kubectl apply -f -\n```\n\n",{"__component":462,"id":488,"title":18,"asideText":18,"underline":123,"centered":123,"blankAside":123,"aside":18,"content":489,"introductionText":18},4941,"## Conclusie\nDoor gebruik te maken van Istio kunnen we het verkeer tussen pods eenvoudig voorzien van mTLS met een kortlevend (72h) certificaat. \nEr moet expliciet aangegeven worden dat binnenkomend verkeer versleuteld moet zijn (strict) door middel van mTLS en er moet expliciet aangegeven worden dat het uitgaande verkeer versleuteld moet worden. Daarnaast moet er rekening gehouden worden met verbindingen van buiten de namespace, zoals een ingressverbinding. Als dit het geval is, moet er voor het serviceaccount van de verzendende pod een AutorisatiePolicy geconfigureerd zijn.\n",{"__component":462,"id":491,"title":18,"asideText":18,"underline":123,"centered":123,"blankAside":123,"aside":18,"content":492,"introductionText":18},4942,"## Tot slot\n\nHet is naast mTLS ook een goed idee om alle pods te voorzien van een network policy oftewel een Kubernetes-firewall. Hierdoor kan het inkomende en uitgaande verkeer tussen pods of namespaces toegestaan of beperkt worden. \nWanneer je verschillende namespaces hebt met afzonderlijke applicaties, is het vaak aan te raden het verkeer tussen de namespaces via de externe gateway te laten verlopen om ingewikkelde configuraties tussen namespaces te voorkomen.\n\nWil je dit toepassen in een productie omgeving of sparren over de juiste architectuur? \nNeem [contact](https://sharevalue.nl/contact) met ons op en we helpen je graag op weg.\n",{"__component":494,"id":495,"title":18,"showBlankAside":123},"global.social-sharing",557,{"__component":497,"id":498,"name":436,"jobTitle":437},"strapi.author-card",436,{"__component":108,"id":500,"titleLeft":110,"callToActionTextLeft":111,"callToActionLinkUrlLeft":112,"titleRight":501,"callToActionTextRight":502,"callToActionLinkUrlRight":503,"iconUrlLeft":504,"iconUrlRight":505},686,"Werken in ons Development-team?","Klik hier","/word-onze-collega",{"id":279,"name":280,"alternativeText":18,"caption":18,"width":125,"height":269,"formats":18,"hash":281,"ext":271,"mime":272,"size":282,"url":283,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":284,"updatedAt":285,"documentId":286,"publishedAt":92},{"id":506,"name":507,"alternativeText":18,"caption":18,"width":422,"height":422,"formats":18,"hash":508,"ext":271,"mime":272,"size":509,"url":510,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":511,"updatedAt":512,"documentId":513,"publishedAt":92},8,"briefcase.svg","briefcase_679abae475",4.49,"https://incredible-beef-2a6059b946.media.strapiapp.com/briefcase_679abae475.svg","2023-08-17T08:31:37.038Z","2025-01-24T15:53:51.531Z","bfdftlvwhj35dm37dzv4aujf",{"__component":95,"id":515,"title":97,"aside":18,"postType":516,"limit":99,"expertise":517},485,"blogs",[518],{"id":63,"title":64,"subTitle":65,"description":66,"shortDescription":67,"slug":68,"createdAt":69,"updatedAt":70,"publishedAt":71,"isCoreExpertise":72,"documentId":73,"image":519,"blocks":522,"midPageBlocks":531,"seo":562},{"id":75,"name":76,"alternativeText":18,"caption":18,"width":77,"height":78,"formats":520,"hash":86,"ext":23,"mime":26,"size":87,"url":88,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":89,"updatedAt":90,"documentId":91,"publishedAt":92},{"thumbnail":521},{"ext":23,"url":81,"hash":82,"mime":26,"name":83,"path":18,"size":84,"width":52,"height":85},[523,528],{"__component":95,"id":96,"title":97,"aside":18,"postType":98,"limit":99,"expertise":524},[525,526,527],{"id":63,"title":64,"subTitle":65,"description":66,"shortDescription":67,"slug":68,"createdAt":69,"updatedAt":70,"publishedAt":71,"isCoreExpertise":72,"documentId":73},{"id":87,"title":162,"subTitle":163,"description":164,"shortDescription":165,"slug":166,"createdAt":167,"updatedAt":168,"publishedAt":169,"isCoreExpertise":123,"documentId":170},{"id":99,"title":216,"subTitle":65,"description":217,"shortDescription":218,"slug":219,"createdAt":220,"updatedAt":221,"publishedAt":222,"isCoreExpertise":123,"documentId":223},{"__component":108,"id":109,"titleLeft":110,"callToActionTextLeft":111,"callToActionLinkUrlLeft":112,"titleRight":113,"callToActionTextRight":114,"callToActionLinkUrlRight":115,"iconUrlLeft":529,"iconUrlRight":530},{"id":266,"name":267,"alternativeText":18,"caption":18,"width":268,"height":269,"formats":18,"hash":270,"ext":271,"mime":272,"size":273,"url":274,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":275,"updatedAt":276,"documentId":277,"publishedAt":92},{"id":279,"name":280,"alternativeText":18,"caption":18,"width":125,"height":269,"formats":18,"hash":281,"ext":271,"mime":272,"size":282,"url":283,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":284,"updatedAt":285,"documentId":286,"publishedAt":92},[532,539,546,553,560],{"__component":118,"id":119,"title":120,"subTitle":18,"content":121,"callToActionText":18,"callToActionLink":18,"colorStyle":122,"showAsides":123,"imageUrl":533},{"id":290,"name":291,"alternativeText":18,"caption":18,"width":19,"height":292,"formats":534,"hash":321,"ext":295,"mime":298,"size":322,"url":323,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":324,"updatedAt":324,"documentId":325,"publishedAt":92},{"large":535,"small":536,"medium":537,"thumbnail":538},{"ext":295,"url":296,"hash":297,"mime":298,"name":299,"path":18,"size":300,"width":29,"height":301},{"ext":295,"url":303,"hash":304,"mime":298,"name":305,"path":18,"size":306,"width":20,"height":307},{"ext":295,"url":309,"hash":310,"mime":298,"name":311,"path":18,"size":312,"width":44,"height":313},{"ext":295,"url":315,"hash":316,"mime":298,"name":317,"path":18,"size":318,"width":319,"height":320},{"__component":118,"id":125,"title":126,"subTitle":18,"content":127,"callToActionText":18,"callToActionLink":18,"colorStyle":128,"showAsides":123,"imageUrl":540},{"id":328,"name":329,"alternativeText":18,"caption":18,"width":19,"height":292,"formats":541,"hash":351,"ext":295,"mime":298,"size":352,"url":353,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":354,"updatedAt":354,"documentId":355,"publishedAt":92},{"large":542,"small":543,"medium":544,"thumbnail":545},{"ext":295,"url":332,"hash":333,"mime":298,"name":334,"path":18,"size":335,"width":29,"height":301},{"ext":295,"url":337,"hash":338,"mime":298,"name":339,"path":18,"size":340,"width":20,"height":307},{"ext":295,"url":342,"hash":343,"mime":298,"name":344,"path":18,"size":345,"width":44,"height":313},{"ext":295,"url":347,"hash":348,"mime":298,"name":349,"path":18,"size":350,"width":319,"height":320},{"__component":118,"id":130,"title":131,"subTitle":18,"content":132,"callToActionText":18,"callToActionLink":18,"colorStyle":122,"showAsides":123,"imageUrl":547},{"id":358,"name":359,"alternativeText":18,"caption":18,"width":19,"height":292,"formats":548,"hash":381,"ext":295,"mime":298,"size":382,"url":383,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":384,"updatedAt":385,"documentId":386,"publishedAt":92},{"large":549,"small":550,"medium":551,"thumbnail":552},{"ext":295,"url":362,"hash":363,"mime":298,"name":364,"path":18,"size":365,"width":29,"height":301},{"ext":295,"url":367,"hash":368,"mime":298,"name":369,"path":18,"size":370,"width":20,"height":307},{"ext":295,"url":372,"hash":373,"mime":298,"name":374,"path":18,"size":375,"width":44,"height":313},{"ext":295,"url":377,"hash":378,"mime":298,"name":379,"path":18,"size":380,"width":319,"height":320},{"__component":118,"id":134,"title":135,"subTitle":18,"content":136,"callToActionText":137,"callToActionLink":112,"colorStyle":128,"showAsides":123,"imageUrl":554},{"id":389,"name":390,"alternativeText":18,"caption":18,"width":19,"height":292,"formats":555,"hash":412,"ext":295,"mime":298,"size":413,"url":414,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":415,"updatedAt":415,"documentId":416,"publishedAt":92},{"large":556,"small":557,"medium":558,"thumbnail":559},{"ext":295,"url":393,"hash":394,"mime":298,"name":395,"path":18,"size":396,"width":29,"height":301},{"ext":295,"url":398,"hash":399,"mime":298,"name":400,"path":18,"size":401,"width":20,"height":307},{"ext":295,"url":403,"hash":404,"mime":298,"name":405,"path":18,"size":406,"width":44,"height":313},{"ext":295,"url":408,"hash":409,"mime":298,"name":410,"path":18,"size":411,"width":319,"height":320},{"__component":139,"id":140,"title":141,"callToActionText":142,"callToActionLinkUrl":143,"body":18,"imageUrl":561},{"id":419,"name":420,"alternativeText":18,"caption":18,"width":421,"height":422,"formats":18,"hash":423,"ext":271,"mime":272,"size":424,"url":425,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":426,"updatedAt":427,"documentId":428,"publishedAt":92},{"id":145,"metaTitle":146,"metaDescription":147,"structuredData":563,"metaImage":18,"metaSocial":566},{"url":149,"@type":150,"@context":151,"provider":564,"areaServed":565,"description":159,"serviceType":160},{"url":153,"name":154,"@type":155},{"name":157,"@type":158},[],{"id":568,"metaTitle":569,"metaDescription":570,"structuredData":571,"metaImage":590,"metaSocial":630},618,"Zero Trust microservices met Istio en mTLS | ShareValue","Uitleg van Zero Trust microservices in Kubernetes met Istio en hoe je mTLS praktisch inricht voor veilige service-communicatie.",{"url":572,"@type":573,"image":574,"author":577,"@context":151,"headline":580,"keywords":581,"publisher":582,"inLanguage":585,"description":586,"dateModified":13,"datePublished":13,"articleSection":587,"mainEntityOfPage":588},"https://sharevalue.nl/blogs/zero-trust-microservices-in-kubernetes-met-istio-van-theorie-naar-een-werkende-m-tls-setup","BlogPosting",{"url":575,"@type":576}," https://incredible-beef-2a6059b946.media.strapiapp.com/OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0.jpg ","ImageObject",{"name":436,"@type":578,"jobTitle":437,"worksFor":579},"Person",{"name":154,"@type":155},"Zero Trust microservices in Kubernetes met Istio en mTLS","Zero Trust, Kubernetes, Istio, mTLS, microservices, security",{"logo":583,"name":154,"@type":155},{"url":584,"@type":576},"https://sharevalue.nl/wp-content/uploads/logo-sharevalue.png","nl-NL","Praktische uitleg van Zero Trust microservices in Kubernetes met Istio en een werkende mTLS-configuratie.","Security, Kubernetes, Cloud-native",{"@id":572,"@type":589},"WebPage",{"id":591,"name":592,"alternativeText":18,"caption":18,"width":593,"height":594,"formats":595,"hash":624,"ext":295,"mime":298,"size":625,"url":626,"previewUrl":18,"provider":58,"provider_metadata":18,"createdAt":627,"updatedAt":627,"documentId":628,"publishedAt":629},1442,"OP afb Blog Addy Zero trust in Kubernetes met Istio.jpg",1200,628,{"large":596,"small":603,"medium":610,"thumbnail":617},{"ext":295,"url":597,"hash":598,"mime":298,"name":599,"path":18,"size":600,"width":29,"height":601,"sizeInBytes":602},"https://incredible-beef-2a6059b946.media.strapiapp.com/large_OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0.jpg","large_OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0","large_OP afb Blog Addy Zero trust in Kubernetes met Istio.jpg",50.61,523,50611,{"ext":295,"url":604,"hash":605,"mime":298,"name":606,"path":18,"size":607,"width":20,"height":608,"sizeInBytes":609},"https://incredible-beef-2a6059b946.media.strapiapp.com/small_OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0.jpg","small_OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0","small_OP afb Blog Addy Zero trust in Kubernetes met Istio.jpg",18.73,262,18729,{"ext":295,"url":611,"hash":612,"mime":298,"name":613,"path":18,"size":614,"width":44,"height":615,"sizeInBytes":616},"https://incredible-beef-2a6059b946.media.strapiapp.com/medium_OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0.jpg","medium_OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0","medium_OP afb Blog Addy Zero trust in Kubernetes met Istio.jpg",33.15,393,33150,{"ext":295,"url":618,"hash":619,"mime":298,"name":620,"path":18,"size":621,"width":52,"height":622,"sizeInBytes":623},"https://incredible-beef-2a6059b946.media.strapiapp.com/thumbnail_OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0.jpg","thumbnail_OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0","thumbnail_OP afb Blog Addy Zero trust in Kubernetes met Istio.jpg",6.56,128,6556,"OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0",65.14,"https://incredible-beef-2a6059b946.media.strapiapp.com/OP_afb_Blog_Addy_Zero_trust_in_Kubernetes_met_Istio_b0fad33cc0.jpg","2026-04-28T10:39:14.957Z","ruajf2u6smphkng4kyd2wtpx","2026-04-28T10:39:14.958Z",[],{"pagination":632},{"page":633,"pageSize":212},1,{},1780053420501]