Config Management Camp 2023 Ghent

Have you hardened your Kubernetes infrastructure?
2023-02-06, 17:35–18:00, C.1.155

Kubernetes adoption is reaching sky-high, it has a large and rapidly growing ecosystem not just limited to the IT industry but also in industries like automobile, pharmaceutical, financial, etc to increase automation and reduce IT cost. With the increased reliance of individuals and businesses on Kubernetes and at such a tremendous scale, a simple misconfiguration, inadequate restrictions or safeguards in place to the Kubernetes infrastructure put the enterprise at risk and can cause operational dysfunction and exploit security. Companies adopting Kubernetes are taking a preventable yet big risk if they are not looking at mitigating the risks that come with it. The more reliant we become on Kubernetes, the more critical it is to keep the environment safe and secure.

In this talk we will discuss the security challenges associated with setting up and securing a Kubernetes cluster. It includes strategies for system administrators, DevSecOps, developers and security professionals, helping them avoid common misconfigurations and implement recommended hardening measures and mitigations when deploying Kubernetes. Kubernetes clusters can be complex to secure and are often abused in compromises that exploit their misconfigurations. We will focus on below specific security configurations that can help build more secure Kubernetes clusters.

  • Container and Pod security
  • Network separation and hardening
  • Authentication and authorization
  • Audit Logging and Threat Detection

Post this talk, the audience will be able to understand the particular security risks related to Kubernetes and how one can prevent or mitigate them.

See also: Slides

Senior Product Security Engineer at Red Hat for OpenShift Container Platform and Storage offerings. Interested in cloud native technologies and believe in the security first approach - leverage integrations to make security a natural part of the product lifecycle starting at the very early stage of product design, development, build and release process.