PKI the Wrong Way: Simple TLS Mistakes and Surprising Consequences - Tabitha Sable, Datadog
Abstract
Effective management of TLS certificates and keys is a serious challenge when running Kubernetes at scale. TLS mutual authentication secures all the Kubernetes control plane components, but there are many details that must be right. This talk looks at some of the ways common mTLS configuration mistakes can be abused and how you can reduce that risk. The presentation begins with a tour of the basics of TLS mutual authentication and how it is used by each control plane component. Then, Tabitha will demonstrate several example misconfigurations, exploit them for your education and amusement, and share recommendations to prevent them in your own clusters. You’ll leave with a stronger understanding of this essential element of Kubernetes cluster deployment.