K8s Auth{N,Z} at Robinhood - Learning from Reductions, Migrations and Designing Automation - Sujith Katakam & Karen Tu, Robinhood Markets, Inc.

less than 1 minute read

Abstract

Kubernetes RBAC seems simple enough - specify the resource that you need access to and bind it to who needs it - what’s the problem? In the quest of implementing least privilege company-wide, we ran into seemingly simple but practically complicated questions, for example: How do we figure out who needs what, for how long? How do we grant access in a timely and time-bound manner? How do we think about what permissions need what level of scrutiny? How do we clean up existing permissions and migrate to a different Identity Provider and authentication mechanism with as minimal user friction as possible? Work is still ongoing to clean up existing problematic permissions as well as design a sustainable solution going forward. Join us in this talk where we share the challenges and learnings we have on managing authentication and authorization at Robinhood. We’ll also include a “fun” story of how our OIDC client got deleted!

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

K8s Auth{N,Z} at Robinhood - Learning from Reductions, Migrations and Designing Automation - Sujith Katakam & Karen Tu, Robinhood Markets, Inc.

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google