Kubernetes provides a lot of security features, but securing your setup can be complex and vulnerabilities are often not discovered.
Starting from the Linux namespaces used in containers, all the way to the network, there are a lot of configurations to support (or totally destroy) the security of a cluster.
In this talk, Thomas will cover:
- The security model of Kubernetes
- How to check clusters for vulnerabilities and fight security weaknesses with a few lines of scripting
- How to use scripts to analyze Istio, the "trust nothing" distributed firewall solution, and find an exploitable vulnerability in no time.
- Finally, we show how Istio has handled the bug report and how future versions from 1.2 will close the exploit using the Container Network Interface (CNI).
After a 30 minutes talk, there will be 15 minutes for Q&A. We’d like to encourage you to submit your questions in advance.
A recording of the webinar and related materials will be shared with webinar attendees afterwards.
Audience - who should join?
DevOps Engineers, Site Reliability Engineers, System Engineers, Infrastructure Kubernetes Administrators, Technical Architects, Application Developers with an affinity with DevOps and Technical Management.