Tutorial: Reducing the Sticker Price Of Kubernetes Security - Pushkar Joglekar, VMware


Abstract

NOTE: To have the best experience during the tutorial, please download the tools listed in this section of the README prior to the session: https://github.com/PushkarJ/kccncna-22-tutorial#pre-requisites. Further Reading is on Slide 52 of the attached slide deck PDF.

“Securing Kubernetes is full of landmines with Dragons lurking everywhere you see yaml.” Sounds familiar? This statement captures how many end-user admins tasked with managing Kubernetes clusters have felt for years. In the last couple of years, however, the community has worked on several incremental changes that have improved the security posture of Kubernetes significantly. The good news is that they are simple and do not take weeks to get right!

In this tutorial, Pushkar Joglekar will take you on a journey of learning hands-on techniques, open source tools, and newer security enhancements that will make deploying a secure Kubernetes cluster faster and a little bit easier. We will start with verifying signed Kubernetes release images for any version of your choice, then apply Pod Security Standards at the cluster or namespace level, and then configure the runtime seccomp profile as the default for all workloads in a cluster running on your own system.

At the end, we will tie all these security features to real-world vulnerabilities and known attacks to get that warm and fuzzy feeling, on a cold October day in Detroit, of being able to prevent vulnerability exploits in your clusters because you applied what you learned in this tutorial. Happy Honking Defensively!!!
