More talks in the program:
This talk provides an overview of security concerns in the context of Kubernetes. We will focus on security best practices as well as tooling from a developer’s point of view. The goal is to familiarise developers with security features and provide suggestion around the following areas:
- container image hygiene (how to select base images, OpenSCAP, etc.)
- handling sensitive data (secrets, auditing)
- non-privileged containers (based on http://canihaznonprivilegedcontainers.info and PodSecurityPolicy)
- using Kubernetes RBAC (service accounts, default roles, securing your app)
- service communication control (Network Policies, Istio)
All best practices/recipes will be made available via a GitHub repo and I’ll demo some of them live.