Overview
Syllabus
Intro
What is Kubernetes? Open-source system for deploying, scaling and managing containerized apps and services
Isolating Container Workloads, IRL
Container Manifest & Daemon
Spoiler: Containers Aren't Sandboxes
Container Isolation Models Via cgroups & namespaces
Cloud-Native Secure Architecture
Cluster and Namespace Scopes: Resources are scoped at the Cluster or Namespace
Control Plane & Core Components: The Control Plane manages the cluster's state and schedules containers.
Authorization Mode
Authentication
Fixing the Problem: Always use a unique service account per pod!
Role-Based Access Control
Create Roles & Bindings
Secrets Management
Dynamic Secrets
Conclusion: Think about security early and anticipate future growth
Taught by
OWASP Foundation