Tools and Strategies for Making the Most of Kubernetes Access Control - Lucas Käldström, Upbound & Micah Hausler, AWS

less than 1 minute read

Abstract

Have you ever struggled writing least-privilege access control policies for Kubernetes? Are you concerned about the wide permissions of installed Helm charts? Do you manage to regularly audit who has access to sensitive resources? In this talk, Kubernetes contributors Micah and Lucas introduce you to open source tools that help you on your defense in depth journey for securing the Kubernetes API surface. They demonstrate how to right-size your RBAC rules semi-automatically, audit who can access sensitive resources, and check whether policy refactors are correct. This talk is part of a journey to improve Kubernetes access control in core. However, to make this initiative successful, user feedback is needed throughout the process. You’ll learn about the planned Kubernetes Conditional Authorization feature, which will make authoring right-sized policies easier. By the end of the talk, you will know how to get involved, and future directions for improved Kubernetes access control.

Sched URL

Video

Share on

X Facebook LinkedIn Bluesky

About

Conferences

Tools and Strategies for Making the Most of Kubernetes Access Control - Lucas Käldström, Upbound & Micah Hausler, AWS

Abstract

Video

Share on

You May Also Enjoy

You Deployed What?! Data-Driven Lessons on Unsafe Helm Chart Defaults - Yossi Weizman, Microsoft

The Ultimate Container Challenge: An Interactive Trivia Game on Supply Chain Security - Aurélie Vache, OVHcloud & Sherine Khoury, Red Hat

Securing Data Applications at Pinterest With Finer Grained Access Control on Kubernetes - Soam Acharya & William Tom, Pinterest

Authenticating and Authorizing Every Connection at Uber - Yangmin Zhu & Matt Mathew, Uber