Kubernetes Security Best Practices - Ian Lewis, Google
![CNCF [Cloud Native Computing Foundation]](http://yt3.ggpht.com/txe66EjpkDQQlx_4jDV0yA0PPsww0rqQrFhMpDqagLWN2-EUBBO65IuIyy5tEFVmpI4_RRduzXc=s48-c-k-c0x00ffffff-no-rj)
ฝัง
- เผยแพร่เมื่อ 4 มิ.ย. 2024
- Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Kubernetes Security Best Practices - Ian Lewis, Google
Containers give developers the ability to isolate applications from one another, but that’s not enough. Resource isolation is much different that security isolation. How do we make applications deployed in containers more secure? What tools can be we apply to our containers running in Kubernetes to make them more secure? How can we apply policy to our network and services to make sure applications only have access to what they need and nothing more?
In this talk, attendees will learn about the risks and attack surfaces of a Kubernetes cluster. s-We'll look at tools like PodSecurityPolicy, SELinux, AppArmor, seccomp, and sandboxed containers in action to improve the security of containers. We’ll then go up the stack and learn how to apply network policy to containers to further improve security. - วิทยาศาสตร์และเทคโนโลยี
07:33 Attacking Kubernetes cluster itself, Kubernetes API server 09:01 RBAC 10:58 API Firewall 11:35 NetworkPolicy 13:20 Get access to cluster components, etcd
Thanks Ian, it's still relevant in 2021 😃
Ian, Thanks so much. Great presentation, and excellent coverage of K8S security best practices.
Excellent presentation. Very concise in terms on identifying what are possible areas to secure and how to secure for containerized workload running on Kubernetes.
Hello Ian, Rocking presentation which is clear and easy to understand for newbies .
Nice! Really good presentation with illustrative pictures. Thanks Ian!
Thanks for the excellent presentation Ian. Great parallels on Defense In Depth principle where it underpins the logical flow: Network -> Host -> Supply Chain (Application) -> Data vs. a threat model driven by it (layered defense). Also, it's worth pondering on the importance of Infra Code security first (for those orgamisations mature enough to drive everything via code e.g. Terraform, Crossplane, or ClusterAPI) where it's critical on CI/CD/Progressive Delivery DevSecOps cycle given that it builds entirely on what's being presented.
Hi Ian. Your presentation is clear and I was able to grasp your ideas easily. Thanks. I am also interested in the remaining topics not covered in your presentation - Threat detection, Build Hygiene and SecOps. Could you recommend good articles or videos regarding those topics? Thanks in advance.
Thanks for your presentation
Very helpful..precise..
Very good talk
thank you so much
Thanks
awesome
👍thanks, even now
Nice topics
fruitful !