Kubernetes Cluster Security and Usability: Best Practices and Common Pitfalls

Explore Kubernetes cluster security and usability in this 49-minute conference talk by Rory McCune, Cloud Native Security Advocate at Aqua Security. Gain practical, defense-oriented insights into two main areas of Kubernetes security, focusing on usable defensive measures for immediate implementation. Learn about common misconfigurations in newly deployed clusters, surprising default settings chosen by providers, and scalable approaches to cluster security. Discover strategies for different threat models, including shared clusters among developer groups and multi-tenant configurations with Internet-facing applications. Delve into topics such as exposed clusters, outdated clusters, authentication, RBAC complexity, network security, and admission control. Acquire valuable knowledge to enhance your Kubernetes security posture and make informed decisions about cluster management.

Intro
What is Kubernetes?
So, What is Core Kubernetes?
Why is this important?
Where does Usability Come in?
Exposed Clusters
Outdated Clusters
Solution - Clusters As Cattle Not Pets
Kubernetes Authentication
Solution - Enforced External AuthN
RBAC Complexity
Solution - Minimal Interactive Access
Flat Networks
Solution - Default Deny Networks
Breakout to underlying nod
Solution - Admission Control
Kubernetes and Multi-Tenan
Solution - Kubernetes Cluster API
A Secure Kubernetes Solution
Conclusion