Kubernetes Security: Hacking Containers
Hidden under the hood of Kubernetes are a lot of security features. Starting from the Linux namespaces used in containers all the way to the network, there are a lot of configurations to support (or totally destroy) the security of a cluster.
In this talk, Thomas will cover:
- The security model of Kubernetes
- How to check clusters for vulnerabilities and fight security weaknesses with a few lines of scripting
- How to use scripts to analyze Istio, the "trust nothing" distributed firewall solution, and find an exploitable vulnerability in no time.
Finally, we show how Istio has handled the bug report and how future versions from 1.2 will close the exploit using the Container Network Interface (CNI).
After a 30 minutes talk, there will be 15 minutes for a discussion with the audience. We’d like to encourage you to submit your questions in advance.
A recording of the webinar and useful materials will be shared with webinar attendees afterwards.
Audience - who should join?
DevOps Engineers, DevSecOps Engineers, Site Reliability Engineers, System Engineers, Infrastructure Kubernetes Administrators, Technical Architects, Application Developers with an affinity with DevOps and Technical Management
Kubernetes Security: Hacking Containers
Thomas Fricke has started Endocode, an Open Source and Cloud company and worked for several years as the CTO.
He is now working as a freelancer mainly as a Security Architect implementing Kubernetes based SecDevOps in Energy and Healthcare. He has a long history in building clouds, is working with Kubernetes nearly from the beginning, and started with Linux 0.95.
Thomas is pro bono member of the Gaia X project, AG Kritis, and member of the German IT Planungsrat (IT steering committee). He also started an initiative to create a legally and technically safe Government repo “Ein Ort für öffentlichen Code” (a place for public code).
