Keeping Kubernetes Safe: The Lowdown on Locked Namespaces - Marco De Benedictis, ControlPlane

less than 1 minute read

Abstract

Kubernetes namespaces are widely used by developers and infrastructure maintainers to group resources within clusters, yet their role as pivotal security boundaries often gets overlooked. Many well-established and upcoming Kubernetes features rely on secure namespace management, from in-cluster DNS resolution to Network Policies, Limit Ranges, Pod Security Standards, and Gateway API Cross-Namespace Routing. The talk will investigate the implications of compromise within a cluster if an adversary successfully tampers existing namespaces or crafts new ones by delving into real-world use cases, including multi-tenancy and cluster-native policy enforcement. A spectrum of mitigations and best practices to lock down namespaces effectively will be presented, covering strategies from Role-Based Access Control (RBAC) to advanced object validation using admission controllers, including secure approaches with namespace templating in multi-tenant environments.

Sched URL

Video

Share on

Twitter Facebook LinkedIn

About

Conferences

Keeping Kubernetes Safe: The Lowdown on Locked Namespaces - Marco De Benedictis, ControlPlane

Abstract

Video

Share on

You May Also Enjoy

Why Perfect Compliance Is the Enemy of Good Kubernetes Security - Michele Chubirka, Google

The Policy Engines Showdown - Gabriel L. Manor, Permit.io; Andres Aguiar, Okta; Omri Gazitt, Aserto; Pauline Jamin, Agicap; Tyler Schade, Geico; Joy Scharmen, StrongDM

Seccomp and eBPF; What’s the Difference? Why Do I Need to Know? - Natalia Reka Ivanko & Duffie Cooley, Isovalent @ Cisco

SPIFFE the Easy Way: Universal X509 and JWT Identities Using cert-manager - Tim Ramlot & Ashley Davis, Venafi