Practical Challenges with Pod Security Admission - V Körbes & Christian Schlotter, VMware

less than 1 minute read

Abstract

A big reason we love Pod Security Admission is that it’s so easy and simple to use. But here’s a challenge that comes with implementing Pod Security Admission: there’s always a workload that needs too many privileges to run, and then it needs to get a pass from the security controls. One way to address this unsecured footprint is to break down all the different services, applications, and packages into their separate component parts, leaving the bits that need privileges privileged, and locking down everything else. There’s a whole art to that – we’ll talk about it. But ‘principle of least privilege’ doesn’t mean zero privilege so… What do we do when that privilege gets exploited? We welcome it with a node that has nothing valuable whatsoever, is what! And there’s a whole art to that too – we’ll talk about it. In this presentation attendees will get an overview of the challenges that come with implementing Pod Security Admission in the real world, and tap on the speaker’s experience working with partner companies to solve them.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Practical Challenges with Pod Security Admission - V Körbes & Christian Schlotter, VMware

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google