03-18, 17:50–17:55 (Europe/Paris), Arena
Practical lessons for Kubernetes "Production Ready"
By default Kubernetes is not a secure environment, and that's a fact. There are a lot of articles and applications around telling you that you should improve security, but actually it is not an easy task. Also you have lots of tech buddies creating new things on your cluster, so enforcement is your best friend and periodic checks can be your allies.
Fortunately, CEL, the language adopted by Kubernetes for validating policies and enforcement, is here to help and make it easier to start protecting your workloads and environment. In this talk, we'll take 5 minutes to show how the top 5 best practices can be implemented with CEL on Kubernetes.
No other tool is necessary, and this may help you to implement your own protections as well!
90% of respondents in Red Hat’s State of Kubernetes security report 2023 had at least one security incident in the past 12 months, with attacks on Kubernetes environments increasing by 300% over the last two years. Many early practitioners believe Kubernetes is secure, but reality is very different. Fortunately, there are several tools which can be used to enhance Kubernetes security and enforce best practices.
CEL's adoption represents a significant opportunity, not only in admission policies but also within the larger Kubernetes ecosystem. With its debut in version 1.26, and its extension to authentication from version 1.29 onwards, this is an opportune moment to discuss the language and elucidate the advantages of its practical adoption.
CTO at Getup, your favorite host on Kubicast, a sysadmin by training, but above all, always in a state of learning. Worked in large companies handling hosting and monitoring critical systems, but found the perfect fit for professional growth and fulfillment in startups. At Getup since 2016, he is the Kubernetes enthusiast. Has reached a new professional level, seamlessly integrating and delivering the best and most agile infrastructure solutions, making an impact on colleagues and the IT sector.