YoVDO

Flying Above the Clouds - Securing Kubernetes

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses, Authorization Courses, Cloud-Native Architecture Courses, Kubernetes Security Courses, Network Segmentation Courses

Course Description

Overview

Explore the Kubernetes attack surface and learn methods to secure cloud-native systems in this 53-minute conference talk from AppSecUSA 2018. Dive into the complexities of containerized microservices managed by orchestration systems, focusing on authentication, authorization, network segmentation, storage, and logging/auditing. Discover quick security wins and design-level choices for building resilient architectures. Examine container runtime security, underlying cloud infrastructure considerations, and microservice security. Gain insights into deploying secure services and meshes while maintaining development speed. By the end, understand the cloud-native attack surface and how to approach hardening infrastructure and deploying secure services with Kubernetes.

Syllabus

Intro
What is Kubernetes? Open-source system for deploying, scaling and managing containerized apps and services
Isolating Container Workloads, IRL
Container Manifest & Daemon
Spoiler: Containers Aren't Sandboxes
Container Isolation Models Via cgroups & namespaces
Cloud-Native Secure Architecture
Cluster and Namespace Scopes: Resources are scoped at the Cluster or Namespace
Control Plane & Core Components: The Control Plane manages the cluster's state and schedules containers.
Authorization Mode
Authentication
Fixing the Problem: Always use a unique service account per pod!
Role-Based Access Control
Create Roles & Bindings
Secrets Management
Dynamic Secrets
Conclusion: Think about security early and anticipate future growth


Taught by

OWASP Foundation
