Play all

Intro

What is Kubernetes? Open-source system for deploying, scaling and managing containerized apps and services

Isolating Container Workloads, IRL

Container Manifest & Daemon

Spoiler: Containers Aren't Sandboxes

Container Isolation Models Via cgroups & namespaces

Cloud-Native Secure Architecture

Cluster and Namespace Scopes • Resources are scoped at the Cluster or Namespace

Control Plane & Core Components The Control Plane manages the cluster's state and schedules containers.

Authorization Mode

Authentication

Fixing the Problem Always use a unique service account per pod!

Role-Based Access Control

Create Roles & Bindings

Secrets Management

Dynamic Secrets

Conclusion Think about security early and anticipate future growth

Description:

Explore the Kubernetes attack surface and learn methods to secure cloud-native systems in this 53-minute conference talk from AppSecUSA 2018. Dive into the complexities of containerized microservices managed by orchestration systems, focusing on authentication, authorization, network segmentation, storage, and logging/auditing. Discover quick security wins and design-level choices for building resilient architectures. Examine container runtime security, underlying cloud infrastructure considerations, and microservice security. Gain insights into deploying secure services and meshes while maintaining development speed. By the end, understand the cloud-native attack surface and approach to hardening infrastructure and deploying secure services with Kubernetes.

Flying Above the Clouds - Securing Kubernetes

OWASP Foundation

Add to list

#Conference Talks #Computer Science #Authorization #Programming #Cloud Computing #Cloud-Native Architecture #DevOps #Kubernetes #Kubernetes Security #Information Security (InfoSec) #Network Security #Network Segmentation