»The bypass of k8s network policy«
2019-11-16, 16:20–16:50, Room2
A network policy is a specification of how groups of pods are allowed to communicate with each other and with other network endpoints. Cluster operators use it to segment resources according to organizational policies and to enforce access control according to security requirements. In this talk, we will introduce network policies and network plugins, then show how to enforce a network policy to protect a demo application. Finally, we will show step-by-step examples of how to bypass the network policy in the following scenarios: abuse of privileges, insecure host mounts, and misconfiguration of the kubelet. Attendees should come away with the idea of securing a Kubernetes cluster in a holistic way.