Kubernetes (IN)security

Elevator Pitch

Kubernetes has become the operating system of the Internet, more and more organizations prefer to run their workloads on the cloud because is “cheaper” but that comes with a cost: cluster miss-configuration, leaked cluster credentials, crypto miners, container escape and vulnerable clusters.

Description

Why are more and more companies moving to the Cloud?

Why is everybody talking about Kubernetes? Is it good? Is it Secure?

In this talk you will learn about Kubernetes and how it works, then you will explore common attack vectors used against Kubernetes infrastructure (“The threat matrix of Kubernetes”) as well as protections you can put in place to mitigate risk and stop attackers to damage your organization (RBAC, Security Context, Network Policies, Monitoring, Pod Security Policies, OPA, Container hardening, etc.)

Technical requirements

• Basic knowledge of cloud computing
• Basic/intermediate knowledge about Linux and containers.
• Basic knowledge about Internet protocols such as HTTP and DNS

Who should attend

While there’s no minimum required experience to attend, this talk will best suited for:

• Software Engineers
• Security Engineers
• Cloud Engineers
• DevOps people
• Incident response / penetration testers / hackers
• Any person that wants to learn more about Kubernetes

Slides

• Kubernetes (IN)Security - Google Slides

Recordings

• kubernetes (IN)security with Alevskey - YouTube

• Kubernetes (IN)Security - Attacking and defending modern infrastructure -OpenInfraDays Mexico 2022 - YouTube