M9sweeper - The Open Source Kubernetes Security Platform

Explore the open-source Kubernetes security platform M9sweeper in this comprehensive conference talk from Conf42 Kube Native 2023. Delve into cloud security fundamentals, including the 4 C's of cloud security and Kubernetes architecture. Learn about essential security best practices, role-based access control, and the importance of security tools. Witness demonstrations of kube-bench and gain insights into container virtualization, isolation, and breakout prevention. Examine pod security admissions, network policies, and the extension of Kubernetes with OPA and Gatekeeper. Discover CVE scanning techniques using Trivy and explore Linux kernel call limitations with Project Falco. Enhance your understanding of Kubernetes security through practical examples, sample configurations, and hands-on demonstrations throughout this informative session.

intro
preamble
about jacob
4 c's of cloud security
lab summary - layers covered
cloud: kubernetes architecture
k8s security best practices
role based access control
sample role
sample role binding
why use tools?
demo: kube-bench
container: what is virtualization?
what is a container?
degrees of isolation
parts of a container image
docker file example
container breakout
preventing container breakout
limiting linux kernal calls
kubesec
pod security admissions
network policies
sample network policy
shortcomings of built-in features
extending kubernetes: opa and gatekeeper
lab: gatekeeper
cve scanning with trivy
limiting linux kernel calls
demo: project falco
summary
questions?