I'm following the Kubernetes ecosystem quite a bit and sometimes people share how they architect their platforms, just like the engineers that built the Cruise self-driving car platform from GM.

In a series of articles, they first described the Cruise PaaS architecture; the second part of the series goes into the security architecture of the platform.

I find the statement below remarkable because it shows that security by design is arriving in the developer (now: DevOps) world, and that by making it a design decision rather than a checkbox you win in the long term: if you start planning with security in mind, you can continue to develop rapidly without security slowing you down.

By the way, there is no mention of network policies. This is particularly hard, and I see people struggle with implementing network and segmentation policies for their container platforms and applications.