Securing Kubernetes Clusters: A Collaborative Approach to Self-Assessment

Explore a 32-minute conference talk that delves into the collaborative efforts of Kubernetes Special Interest Groups (SIGs) and Technical Advisory Groups (TAGs) to enhance security in cluster management. Learn how SIG Cluster Lifecycle, SIG Security, and TAG Security joined forces to conduct the first community-driven self-assessment of the Cluster API project. Discover the journey from creating data flow diagrams to understand project internals, through threat modeling, to implementing security improvements. Gain insights into the challenges of global collaboration, time management, and asynchronous communication. Understand the outcomes of this groundbreaking exercise and its potential impact on future security assessments across Kubernetes sub-projects. Uncover valuable lessons for community-driven security enhancements in open-source projects.

A Raccoon And a Group Of Turtles Secure Clusters Together! - Pushkar Joglekar & Naadir Jeewa, VMware