SlideShare a Scribd company logo

PRO TALK - Kubernetes Security Workshop.pdf

A
AvinashDesireddy

Are you worried about granting too much access to resources on your Kubernetes cluster? With the extensible framework of Kubernetes, there is scarcely a day without a new tool popping up. In order to ensure the tools, users, and applications have appropriate security policies, a streamlined onboarding process is required. The onboarding process not only streamlines how securely we can grant access but also enables self-service capabilities improving the user experience. In this workshop, audiences will get a good understanding of common pitfalls and how to avoid them by leveraging the Role-Based architecture approach, pod security policies, admission controllers, policy enforcement through OPA, etc.

Technology
1 of 31
Download to read offline
Copyright © 2021 Mirantis, Inc. All rights reserved PRO TALK: Kubernetes Security Workshop Avinash Desireddy Sr. Solutions Architect
2 Sr. Solutions Architect @ Mirantis /avinashdesireddy /avinashdesiredd /avinashdesireddy AVINASH DESIREDDY SPEAKER Director, Professional Services @ Mirantis /anokun7 /anooplive /anoopkumarv ANOOP KUMAR MODERATOR
3 Kubernetes: Adoption, Security & Market Trends Source: The State of Containers and Kubernetes Security Report - Survey by StackRox(RedHat) in 2021 In the past 12 months, what security incidents or issues related to containers and/or Kubernetes have you experienced? Have you ever delayed or slowed down application deployment into production due to container or Kubernetes security concerns? What is your biggest concern about your company’s container strategy?
4 Code Code Best Practices Vulnerability scanners Container Restrict Images, Privileged The 4 C’s of Cloud-Native Security Cluster Authentication, Authorization, Admission, Network Policy Cloud Datacenter, Network, Servers 2 4 3 1
5 https://github.com/avinashdesireddy/k8s-security-workshop.git API ETCD Overview: Onboard Apps Securely Blue Red Green Worker Node Master Node SCHED C-M Worker Node Worker Node ● Isolate App teams Access rights? ● Protect clusters from restricted workloads? ● Protect communication layer in the cluster? Apps & App Teams Platform Engineer
6 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #1 - Grant access to Users Blue Red Green Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Role-Based Access Control A way of granting users access to Kubernetes API resources ❏ What API Resources a user should access? ❏ What Operations(Verbs) can be performed? ❏ Who can grant access? Apps & App Teams Platform Engineer
7 https://github.com/avinashdesireddy/k8s-security-workshop.git ClusterRoleBinding RoleBinding Role Based Access Control - List - Get - Watch - Create - Update - Patch - Delete Verbs / Actions Subjects Resources Role ClusterRole belongs to binds binds connects
8 https://github.com/avinashdesireddy/k8s-security-workshop.git ClusterRoleBinding RoleBinding Role Based Access Control - List - Get - Watch - Create - Update - Patch - Delete Verbs / Actions Subjects Resources Role ClusterRole belongs to binds binds connects apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: role-blue namespace: blue rules: - apiGroups: ["", "apps"] resources: ["deployments", "services"] verbs: ["create", "delete", "list"] apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: blue-rb namespace: blue-ns subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: blue roleRef: kind: Role name: role-blue apiGroup: rbac.authorization.k8s.io
9 https://github.com/avinashdesireddy/k8s-security-workshop.git Demo: RBAC ● Create Namespaces ● Grant Access to App Users to respective Namespaces ● Deploy 3 applications Environment Kubernetes IDE Access the cluster /avinashdesireddy/k8s-securi ty-workshop.git Mirantis Kubernetes Engine 1 Manager, 3 Worker Version - 1.21.3 Infrastructure Nodes, LB, DNS, etc
10 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Happy Users!!! POD POD POD POD POD POD POD POD POD POD POD Green Blue Red Apps & App Teams Platform Engineer
11 https://github.com/avinashdesireddy/k8s-security-workshop.git All of a sudden, Pods belong to App Blue started consuming a lot of memory in the cluster. How do we fix it? Resource Limits Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #2 POD POD POD POD POD POD POD POD POD POD POD
12 https://github.com/avinashdesireddy/k8s-security-workshop.git Scenario #2: Coordinating changes ● Identify Application Owner ● Ask Owner of App Blue to specify Memory & CPU Limits on Containers ● Configure Resource Quota & Limits on Namespaces
13 https://github.com/avinashdesireddy/k8s-security-workshop.git Scenario #2: Challenges ● How can we enforce these across all the applications in the cluster? ○ Reach out to multiple application to make changes? ○ Define Best Practices? ○ Monthly Audits?
Do you find it a challenge while agreeing on Cluster Best Practices with App Teams? ⓘ Start presenting to display the poll results on this slide.
15 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #2 - Policy Enforcement Blue Red Green POD POD POD POD POD POD POD POD POD POD POD Apps & App Teams Platform Engineer
16 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #2 - Policy Enforcement Blue Red Green POD POD POD POD POD POD POD POD POD POD POD Policies ❏ Set up Resource Limits on containers ❏ Set Resource Quota & Limits on Namespaces ❏ Images from approved registries ❏ Limit NodePort Services ❏ Specific labels Apps & App Teams Platform Engineer
17 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #2 - Policy Enforcement Blue Red Green POD POD POD POD POD POD POD POD POD POD POD Policies ❏ Set up Resource Limits on containers ❏ Set Resource Quota & Limits on Namespaces ❏ Images from approved registries ❏ Limit NodePort Services ❏ Specific labels Apps & App Teams Platform Engineer
18 https://github.com/avinashdesireddy/k8s-security-workshop.git Open Policy Agent (OPA) ● CNCF Graduated ● General Purpose Policy Engine ● Empowers admins with more CONTROL over the system ● REGO Language ● Gatekeeper → Admission Controller implementation of OPA
19 https://github.com/avinashdesireddy/k8s-security-workshop.git app.yaml Policy ConstraintTemplate Policy Constraint OPA in Kubernetes Admission Controller Gatekeeper/OPA defines kubectl apply validates Approve / deny
20 Demo: OPA ● Restrict NodePort Usage ● Enforce Container Resource Limits Environment Kubernetes IDE Access the cluster /avinashdesireddy/k8s-securi ty-workshop.git Mirantis Kubernetes Engine 1 Manager, 3 Worker Version - 1.21.3 Open Policy Agent / Gatekeeper
21 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Happy Users… Happy Cluster!!! Blue Red Green POD POD POD POD POD POD POD Apps & App Teams Platform Engineer
22 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #3: Network Security POD POD POD POD POD POD POD New features are added to App Blue, the pods must connect to an external MySql DB and to an exposed API in Green App Pod How do we control Network Traffic to/from Pods? Network Policies
23 Network Policy POD POD POD apiVersion : networking.k8s.io/v1 kind: NetworkPolicy metadata: name: test-network-policy namespace: default spec: podSelector : matchLabels : role: db policyTypes : - Ingress - Egress ingress: - from: - ipBlock: cidr: 172.17.0.0/16 except: - 172.17.1.0/24 - namespaceSelector : matchLabels : project: myproject - podSelector : matchLabels : role: frontend ports: - protocol: TCP port: 6379 egress: - to: - ipBlock: cidr: 10.0.0.0/24 ports: - protocol: TCP port: 5978 ● Control Traffic to/from pods ● Traffic between pods are non-Isolated ● Namespace scoped ● Can be defined based on - ○ Pod, Namespace or IP Range
Who are using Network Policies? ⓘ Start presenting to display the poll results on this slide.
25 Default Deny Policy apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny-all spec: podSelector: {} policyTypes: - Ingress - Egress egress: - to: - namespaceSelector : matchLabels: kubernetes.io/metadata.name : kube-system podSelector: matchLabels: k8s-app: kube-dns ports: - protocol: UDP port: 53 - protocol: TCP port: 53 POD
26 https://github.com/avinashdesireddy/k8s-security-workshop.git Scenario #3: App Blue connecting to MySQL 13.56.49.134 172.31.0.0/24 App Blue POD POD 192.168.96.4 192.168.96.3 App Green POD POD 192.168.206.7 192.168.206.9 1 Open firewall rule on DB to allow connections from 172.31.0.0/24 on port 3306 1 Create Egress Network Policy based on PodSelector 3 Open firewall rule on Cluster Nodes to allow traffic to 13.56.49.134 on port 3306 2 apiVersion : networking.k8s.io/v1 kind: NetworkPolicy metadata: name: mysql-port-egress spec: podSelector : matchLabels : app: blue backend: mysql policyTypes : - Egress egress: - to: - ipBlock: cidr: 13.56.49.134/32 ports: - protocol: TCP port: 3306
27 https://github.com/avinashdesireddy/k8s-security-workshop.git Scenario #3: App Blue connecting to App Green 172.31.0.0/24 App Blue POD POD 192.168.96.4 192.168.96.3 App Green POD POD 192.168.206.7 192.168.206.9 Create Egress Network Policy based on Green PodSelector 1 Create Ingress Network Policy based on Blue PodSelector 2 apiVersion : networking.k8s.io/v1 kind: NetworkPolicy metadata: name: to-green-egress namespace: blue spec: podSelector : matchLabels : app: blue policyTypes : - Egress egress: - to: - podSelector : matchLabels : app: green ports: - protocol: TCP port: 8080 apiVersion : networking.k8s.io/v1 kind: NetworkPolicy metadata: name: from-blue-ingress namespace: green spec: podSelector : matchLabels : app: green policyTypes : - Ingress ingress: - from: - podSelector : matchLabels : app: blue
28 Demo: Network Policies ● Create Default Network Policies ● Allow access for “Blue” App to MySQL on Port 3306 ● Allow access for “Blue” App to access “Green” Application’s API Environment Mirantis Kubernetes Engine Kubernetes IDE Access the cluster /avinashdesireddy/k8s-securi ty-workshop.git Mirantis Kubernetes Engine 1 Manager, 3 Worker Version - 1.21.3 Kubernetes Network Policies
29 https://github.com/avinashdesireddy/k8s-security-workshop.git CNIs with Network Policy Support ● Weave ● Calico ● Cilium ● Kube-router ● Istio
30 https://github.com/avinashdesireddy/k8s-security-workshop.git Apps & App Teams Platform Engineer Takeaways… Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Blue Red Green Enforce Policies Build RBAC Strategy Start with Zero-Trust Network Policy
31 https://github.com/avinashdesireddy/k8s-security-workshop.git Thank you! /avinashdesiredd /anooplive

Recommended

Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)QAware GmbH
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackQAware GmbH
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17Mario-Leander Reimer
 
In Search of Segmentation
In Search of SegmentationIn Search of Segmentation
In Search of SegmentationAdrian Cockcroft
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleParis Container Day
 
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...Agile Testing Alliance
 
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...InfluxData
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 

Recommended

Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)QAware GmbH
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackQAware GmbH
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17Mario-Leander Reimer
 
In Search of Segmentation
In Search of SegmentationIn Search of Segmentation
In Search of SegmentationAdrian Cockcroft
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleParis Container Day
 
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...Agile Testing Alliance
 
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...InfluxData
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 
Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentMatthew Farina
 
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIYWhy Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIYEnterprise Management Associates
 
IoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian SkerrettIoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian SkerrettParam Singh
 
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays
 
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ... Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...MayaData Inc
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDocker, Inc.
 
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16AppDynamics
 
Scaling frontend applications with micro-frontends Presentation.pdf
Scaling frontend applications with micro-frontends Presentation.pdfScaling frontend applications with micro-frontends Presentation.pdf
Scaling frontend applications with micro-frontends Presentation.pdfKatamaRajuBandigari1
 
Pursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMPursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMMark Secretario
 
Managing Compliance in Container Environments
Managing Compliance in Container EnvironmentsManaging Compliance in Container Environments
Managing Compliance in Container EnvironmentsTwistlock
 
Bindu_Resume
Bindu_ResumeBindu_Resume
Bindu_ResumeHIMABINDU CHITRAPU
 
Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Emily Jiang
 
Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Emily Jiang
 
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoBSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoKatie Nickels
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesQAware GmbH
 
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)bridgetkromhout
 
Cross Section and Deep Dive into GE Predix
Cross Section and Deep Dive into GE PredixCross Section and Deep Dive into GE Predix
Cross Section and Deep Dive into GE PredixAltoros
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFThomas Graf
 
K8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For KubernetesK8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For KubernetesMedya Ghazizadeh
 
DockerCon - The missing piece : when Docker networking unleashes software arc...
DockerCon - The missing piece : when Docker networking unleashes software arc...DockerCon - The missing piece : when Docker networking unleashes software arc...
DockerCon - The missing piece : when Docker networking unleashes software arc...Laurent Grangeau
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 

More Related Content

Similar to PRO TALK - Kubernetes Security Workshop.pdf

Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentMatthew Farina
 
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIYWhy Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIYEnterprise Management Associates
 
IoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian SkerrettIoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian SkerrettParam Singh
 
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays
 
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ... Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...MayaData Inc
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDocker, Inc.
 
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16AppDynamics
 
Scaling frontend applications with micro-frontends Presentation.pdf
Scaling frontend applications with micro-frontends Presentation.pdfScaling frontend applications with micro-frontends Presentation.pdf
Scaling frontend applications with micro-frontends Presentation.pdfKatamaRajuBandigari1
 
Pursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMPursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMMark Secretario
 
Managing Compliance in Container Environments
Managing Compliance in Container EnvironmentsManaging Compliance in Container Environments
Managing Compliance in Container EnvironmentsTwistlock
 
Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Emily Jiang
 
Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Emily Jiang
 
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoBSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoKatie Nickels
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesQAware GmbH
 
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)bridgetkromhout
 
Cross Section and Deep Dive into GE Predix
Cross Section and Deep Dive into GE PredixCross Section and Deep Dive into GE Predix
Cross Section and Deep Dive into GE PredixAltoros
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFThomas Graf
 
K8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For KubernetesK8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For KubernetesMedya Ghazizadeh
 
DockerCon - The missing piece : when Docker networking unleashes software arc...
DockerCon - The missing piece : when Docker networking unleashes software arc...DockerCon - The missing piece : when Docker networking unleashes software arc...
DockerCon - The missing piece : when Docker networking unleashes software arc...Laurent Grangeau
 

Similar to PRO TALK - Kubernetes Security Workshop.pdf (20)

Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application Development
 
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIYWhy Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIY
 
IoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian SkerrettIoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
 
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
 
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ... Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
 
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
 
Scaling frontend applications with micro-frontends Presentation.pdf
Scaling frontend applications with micro-frontends Presentation.pdfScaling frontend applications with micro-frontends Presentation.pdf
Scaling frontend applications with micro-frontends Presentation.pdf
 
Pursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMPursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideM
 
Managing Compliance in Container Environments
Managing Compliance in Container EnvironmentsManaging Compliance in Container Environments
Managing Compliance in Container Environments
 
Bindu_Resume
Bindu_ResumeBindu_Resume
Bindu_Resume
 
Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020
 
Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020
 
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoBSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit Kubernetes
 
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
 
Cross Section and Deep Dive into GE Predix
Cross Section and Deep Dive into GE PredixCross Section and Deep Dive into GE Predix
Cross Section and Deep Dive into GE Predix
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPF
 
K8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For KubernetesK8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For Kubernetes
 
DockerCon - The missing piece : when Docker networking unleashes software arc...
DockerCon - The missing piece : when Docker networking unleashes software arc...DockerCon - The missing piece : when Docker networking unleashes software arc...
DockerCon - The missing piece : when Docker networking unleashes software arc...
 

Recently uploaded

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 

Recently uploaded (20)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

PRO TALK - Kubernetes Security Workshop.pdf