Explore cloud native security patterns in this 51-minute LASCON conference talk. Delve into secure software design for containerized microservices running on distributed management and orchestration platforms. Learn how to model security controls at different trust boundaries within your architecture using patterns like Service Mesh and Ambassador. Discover reference architecture guidance applicable to any cloud native environment, covering multi-tenancy, authentication, authorization, and encryption. Gain insights into Kubernetes, control planes, container security, service accounts, and pod security policies. Examine sidecar patterns, secrets management, and encryption techniques. Leave with a comprehensive understanding of cloud native security design at an architectural level, ready to apply these concepts to your own projects.
Running at Light Speed - Cloud Native Security Patterns
Overview
Syllabus
Introduction
Cloud Native Systems
Platform Teams
Kubernetes
Control Plane
Reconciler
Containers
Container escapes
Container runtimes
Container management
SATCOM
AppArmor
Capabilities
Privileges
Username Spaces
Rootless Containers
Kubernetes Support
No Need Privileges
Authentication Rights
Default Accounts
API Access
Create Service Account
Service Account Token
Security Policies
Authorization
Blast Radius
Kubernetes Controllers
Kubernetes Emission Controller
Pod Security Policy
Controls
Create a PSP
Sidecars
Ambassadors
Consoles
Sidecar
Secrets Management
Secrets Encryption
Taught by
LASCON
