Admission Controllers - One Part of Your Kubernetes Security and Governance Toolkit
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the critical role of admission controllers in Kubernetes security and governance through this comprehensive webinar. Gain insights into the Kubernetes Admission Controller architecture, focusing on the Validating Admission Controller function and its integration with Open Policy Agent and Rego language. Examine real-world scenarios involving misconfiguration and potential security threats, and learn how to implement effective admission control policies. Acquire knowledge on object creation in Kubernetes, master the basics of the Rego language for writing admission controller policies, and obtain sample policies for enhancing security and IT governance. Delve into common Kubernetes attack vectors, mitigation strategies, and security best practices, including enforcing trusted registries, preventing privileged pods, and securing container filesystems. Led by cloud experts from Palo Alto Networks, this 56-minute session equips you with practical skills to strengthen your Kubernetes environment's security posture.
Syllabus
Intro
Kubernetes common attack vectors
Kubernetes Mitigations and Controls
Rego Language: The Basics
Security Integration Points
Kubernetes Security Best Practices
Enforce a Trusted Registry
Don't allow 'dev', 'latest', or 'master' image tags in prod
Prevent Privileged Pods
Prevent sensitive host system mounts
Make the container filesystem read only
Prevent NodePort Services
Resources Example Policies
Taught by
CNCF [Cloud Native Computing Foundation]