Safety or Usability: Why Not Both? Towards Referential Auth in K8s - Rob Scott, Google & Mo Khan, Microsoft

less than 1 minute read

Abstract

Is your essential tooling leaving your Kubernetes clusters vulnerable to CVEs? Are you sure? For example, Ingress and Gateway controllers are often deployed with read access to all Secrets in a cluster. What if we could introduce new authorization APIs that both mitigate future CVEs and enable entirely new reference patterns? In this talk, Rob and Mo will show how new APIs being developed by the community can help keep your clusters secure and safely enable cross-namespace references. Along the way, you’ll learn the history of these problems, including various stop-gap solutions that have been attempted along the way, to help you understand the context for the proposed changes. This session will provide you with clear guidelines for how to keep your clusters secure today by limiting unnecessary access to components running in your clusters. You’ll also learn how you can shape the future of these Kubernetes APIs by providing early feedback in the coming months of active development.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Safety or Usability: Why Not Both? Towards Referential Auth in K8s - Rob Scott, Google & Mo Khan, Microsoft

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google