Get Past the Default Configs: Lessons from the k8s Security Audit
2019-11-16, 10:25–10:55, The Gallery

The Kubernetes security audit turned up some bugs in Kubernetes, but did you know it also includes important security advice for end users? Find out about the security recommendations from the audit and learn how you can apply them in your apps today.

Once you get your Kubernetes deployments and services up, it’s tempting to take a break. But don’t stop with the default configurations—k8s has a ton of built-in options and features you can use to improve your security.

Using the Kubernetes security audit whitepaper as a guide, we’ll discuss what controls you can apply to make your apps more secure. We’ll pick apart the security context and see how to run deployments with read-only root file systems, non-root users, and limited capabilities. Then we’ll dig into features like network policies, RBAC, and admission control; configs like resource limits; and practices like namespacing and consistent metadata. And, of course, we’ll learn how these help you deliver a more reliable and secure app.

Using all we’ve learned, we’ll see how native Kubernetes security controls help you block entire classes of vulnerabilities in a live demonstration.

See also: Slides