Securing Containers and Kubernetes Ecosystem

Learn best practices and security controls for containers and the Kubernetes ecosystem using a simple five-factor security model.

Introduction

• Protect your containers and Kubernetes ecosystem
• What you need to know

1. Demystifying Containers and Kubernetes

• What are containers?
• Virtualization
• Isolation and OS security features
• Container runtime
• What is Kubernetes?
• Kubernetes master node
• Kubernetes worker node

2. Security Model for Containers and Kubernetes

• Overall technology architecture
• Container deployment and orchestration lifecycle
• Attack surface and vectors
• Five factors

3. Factor #1: Securing Containerized Application Code

• Secure design before code
• Secure code

4. Factor #2: Securing Images

• Secure container images, part 1
• Secure container images, part 2
• Image registries
• Image registry access control

5. Factor #3: Securing Hosts and Container Working Environment

• Container working environment
• Container network security
• Container port and interface security
• Host OS protection

6. Factor #4: Securing Applications in Kubernetes

• Securing applications in Kubernetes
• Pod Security Standard
• Access management
• Authenticating users
• Authenticating service accounts
• Authorization
• Admission control
• Security context
• Security Policy
• Kubernetes network security
• Secrets management

7. Factor #5: Securing Kubernetes Cluster

• Cluster security goals
• Securing API server traffic
• Securing cluster components

8. Additional Security Considerations

• Infrastructure security
• Logging and monitoring

Conclusion

• Next steps