Explore a comprehensive 46-minute conference talk from the OWASP AppSec EU 2018 DevOps Track that delves into the world of Kubernetes security. Gain insights into the Kubernetes security landscape, risks, security models, and best practices. Learn how to configure users and applications with least-privilege, isolate and segregate workloads, and persist configuration across cluster rebuilds. Discover topics such as workload security, misconfigurations, deployment configuration tools, dashboards, cluster security, TLS node bootstrapping, role-based access control, and more. Understand the importance of pod security policies, resource linting, admission controllers, network policies, and deployment strategies. Equip yourself with the knowledge to navigate the complexities of Kubernetes security and ensure a robust, multi-tenanted infrastructure.
Continuous Kubernetes Security - Best Practices and Risk Mitigation
Overview
Syllabus
Introduction
About Andrew
Why does this matter
Why not security
Everything is fine
Cuban actors
Agenda
Kubernetes is insecure
A back model
workload security
misconfigurations
deployment configuration tool
dashboard
cluster
security again
what Kubernetes looks like
bootstrap TLS nodes
back role access control
Legacy Authorization
Secure Port
Leaking Secrets
Certificate rotation
Pods
Table Security Policies
Resource linting
Deployments
Labels
Containers
Admission Controllers
Limit Ranger
Security Policy
Encryption
Sealed Secrets
Token Requests
Networking
Network Policy
Service Mesh
Deployment Strategies
Recap
Multiple Clusters
Container Runtimes
Taught by
OWASP Foundation
Related Courses
-
Securing, Monitoring, and Scaling Kubernetes Clusters
-
Google Kubernetes Engine Best Practices: Security
-
One Large Cluster or Lots of Small Ones - Pros, Cons and When to Apply Each Approach
-
Kubernetes Security After Pod Security Policies Removal
-
Leveraging WebAssembly to Write Kubernetes Admission Policies
-
Kubernetes Cluster Security and Usability: Best Practices and Common Pitfalls
