A single Elasticsearch cluster is often used to store many different types of data for a variety of uses. While such multi-tenancy maximizes the efficiency of both compute/storage resources and ops-team resources, it also places key requirements on security. For example, if an application that sends troubleshooting logs to an Elasticsearch cluster is compromised, the attacker should not also be able to read user transaction data or delete network access logs simply because that data happens to be stored in the same cluster.
In this post, we will look at how Cilium helps you lock down access to data in your Elasticsearch cluster without requiring any changes to the application code or containers. Cilium is an open source API-aware network security technology for container orchestration frameworks like Kubernetes.