Everything You Want to Know about Kubernetes RBAC and Were Too Afraid to Ask
10-23, 15:00–15:30 (US/Eastern), Main Room

Role-based access control (RBAC) is a continuous challenge given the growing complexity of cloud native operations, the sheer number of services involved, and the privileges required to manage and maintain complex systems with today's ironclad SLAs. Many modern microservices systems are built upon Kubernetes, which has its own unique set of RBAC challenges.

In this talk I'll walk through some of the challenges with managing RBAC at scale in Kubernetes operations, from common mistakes (cluster-admin, anyone?) and misconfigurations to overly privileged roles, including unnecessary access to secrets. Amir, as a Kubernetes RBAC expert, will cover all the questions you always wanted to ask and never dared, including how to assign access to secrets (both from a technical and organizational perspective), who should be allowed to delete pods, and the age-old question of who really should be allowed to have cluster-admin access. We'll wrap up with some hard-earned tips for how to architect RBAC best practices into your systems, and some good open source tools to manage privileges and access in the long term.

Ben Hirschberg
Ben is a veteran cybersecurity and DevOps professional, as well as a computer science lecturer. Today, he is the co-founder at ARMO, with a vision of making end-to-end Kubernetes security simple for everyone, and a core maintainer of the open source Kubescape project. He teaches advanced information security academically in both undergrad and graduate courses. In his previous capacities, he has been a security researcher and architect, pen-tester and lead developer at Cisco, NDS and Siemens.
