Kubernetes Security Best Practices

Kubernetes Security Best Practices - Ian Lewis, Google

CNCF [Cloud Native Computing Foundation]

День тому

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Kubernetes Security Best Practices - Ian Lewis, Google
Containers give developers the ability to isolate applications from one another, but that’s not enough. Resource isolation is much different that security isolation. How do we make applications deployed in containers more secure? What tools can be we apply to our containers running in Kubernetes to make them more secure? How can we apply policy to our network and services to make sure applications only have access to what they need and nothing more?
In this talk, attendees will learn about the risks and attack surfaces of a Kubernetes cluster. s-We'll look at tools like PodSecurityPolicy, SELinux, AppArmor, seccomp, and sandboxed containers in action to improve the security of containers. We’ll then go up the stack and learn how to apply network policy to containers to further improve security.

КОМЕНТАРІ: 17

@domaincontroller 3 роки тому

07:33 Attacking Kubernetes cluster itself, Kubernetes API server 09:01 RBAC 10:58 API Firewall 11:35 NetworkPolicy 13:20 Get access to cluster components, etcd

@laprashant 2 роки тому

Thanks Ian, it's still relevant in 2021 😃

@venkatbollimuntha178 3 роки тому

Ian, Thanks so much. Great presentation, and excellent coverage of K8S security best practices.

@phanikumar1502 3 роки тому

Hello Ian, Rocking presentation which is clear and easy to understand for newbies .

@rashmitrathod6873 3 роки тому

Excellent presentation. Very concise in terms on identifying what are possible areas to secure and how to secure for containerized workload running on Kubernetes.

@roshelliwanag9447 4 роки тому

Hi Ian. Your presentation is clear and I was able to grasp your ideas easily. Thanks. I am also interested in the remaining topics not covered in your presentation - Threat detection, Build Hygiene and SecOps. Could you recommend good articles or videos regarding those topics? Thanks in advance.

@tanelikantomaa9540 2 роки тому

Nice! Really good presentation with illustrative pictures. Thanks Ian!

@wilbertopalomar4187 2 роки тому

Thanks for the excellent presentation Ian. Great parallels on Defense In Depth principle where it underpins the logical flow: Network -> Host -> Supply Chain (Application) -> Data vs. a threat model driven by it (layered defense). Also, it's worth pondering on the importance of Infra Code security first (for those orgamisations mature enough to drive everything via code e.g. Terraform, Crossplane, or ClusterAPI) where it's critical on CI/CD/Progressive Delivery DevSecOps cycle given that it builds entirely on what's being presented.