Flying Above the Clouds - Securing Kubernetes

OWASP Foundation via YouTube

Overview

Explore the Kubernetes attack surface and learn methods to secure cloud-native systems in this 53-minute conference talk from AppSecUSA 2018. Dive into the complexities of containerized microservices managed by orchestration systems, focusing on authentication, authorization, network segmentation, storage, and logging/auditing. Discover quick security wins and design-level choices for building resilient architectures. Examine container runtime security, underlying cloud infrastructure considerations, and microservice security. Gain insights into deploying secure services and meshes while maintaining development speed. By the end, understand the cloud-native attack surface and how to approach hardening infrastructure and deploying secure services with Kubernetes.

Syllabus

Intro
What is Kubernetes?: Open-source system for deploying, scaling and managing containerized apps and services
Isolating Container Workloads, IRL
Container Manifest & Daemon
Spoiler: Containers Aren't Sandboxes
Container Isolation Models Via cgroups & namespaces
Cloud-Native Secure Architecture
Cluster and Namespace Scopes: Resources are scoped at the Cluster or Namespace
Control Plane & Core Components: The Control Plane manages the cluster's state and schedules containers.
Authorization Mode
Authentication
Fixing the Problem: Always use a unique service account per pod!
Role-Based Access Control
Create Roles & Bindings
Secrets Management
Dynamic Secrets
Conclusion: Think about security early and anticipate future growth

Taught by

OWASP Foundation
