SlideShare a Scribd company logo

Constellation - The first always encrypted Kubernetes by Moritz Eckert

ContainerDay Security 2023
ContainerDay Security 2023

Session at ContainerDay Security 2023 on the 8th of March in Hamburg. Confidential computing is a relatively new technology that allows one to keep workloads encrypted and isolated in memory during processing. If used correctly, confidential computing can shield workloads from the underlying cloud. It's the first technology that effectively prevents data access from the cloud provider and its employees, co-tenants, and hackers coming through the infrastructure. Constellation (https://github.com/edgelesssys/constellation) is an open-source K8s distro/engine that applies the confidential-computing concept to entire K8s clusters. Constellation ensures that all data in the cluster is always encrypted - at rest, in transit, and at runtime. Constellation also provides hardware-rooted "whole cluster" attestation with which the integrity of a cluster can be verified remotely. (This process partly relies on the amazing Sigstore project.) Operations-wise, Constellation is very much vanilla K8s and should work with existing tooling. It's easy to set up and the security features are largely transparent to the DevOps engineer. To run, Constellation requires the availability of "Confidential VMs", which are available in Azure, GCP and elsewhere. In this talk, I'll give an introduction to confidential computing, discuss the motivation behind Constellation, discuss the exciting use cases, give an overview over its architecture, and show a demo.

Technology
1 of 29
Download to read offline
Constellation - The first always encrypted Kubernetes
2 Your app Cloud admin Datacenter employee Cloud How to protect against Infrastructure based threats? Other tenant Foreign government Hacker
3 Infrastructure based threats
4 Your app Cloud admin Datacenter employee Cloud How to protect against Infrastructure based threats? Other tenant Foreign government Hacker
5 Your app Cloud admin Datacenter employee Cloud Confidential computing protects with runtime encryption & remote attestation Other tenant Foreign government Hacker
6 Confidential VMs Intel TDX, ARM CCA Defining properties AMD SEV 🏝 Isolation 🏃‍♀️ Runtime memory-encryption 📃 Remote attestation 🔒 Sealing of state … Hypervisor Hardware App Guest OS Host OS
7 Where is Confidential Computing available?
8 Who is using it? Banking, financial services & insurance Telecom, Edge & IoT Gov. & public sector Healthcare & life science Manufacturing Retail
9 Level 1 Protect keys Level 2 Protect single containers/apps Level 3 Protect entire deployments The different flavors of confidential computing
10 Node B Node A Storage Confidential context #1 Confidential context #2 Cloud DevOps engineer From a Confidential VM…
11 Node B Node A Storage DevOps engineer Cloud Confidential context Attestation … to a Confidential Cluster
12 Node B Node A Storage Cloud DevOps engineer Constellation Nodes Confidential VM
13 Unified Kernel Image Bootloader Constellation Nodes … Firmware Bootstrapper k8s State Disk rootFS Pod …
14 On prem Manually managed Fully managed Automatically managed by CSP Join Update OS Scale Update K8s Cluster management strategies Join Update OS Scale Update K8s Admin in control CSP in control
15 In cluster Autonomously managed Join Update OS Scale Update K8s … meeting in the middle Admin & cluster in control Confidential context
16 Constellation Services JoinService KeyService Node Operator …
17 Autonomous Join New node New node Join Service Join Service aTLS handshake Request to Join JoinToken, …
18 Node B Node A Storage Cloud DevOps engineer Current status… Attestation
19 Encryption in transit
20 Encryption in transit • Wireguard VPN between Nodes • Strict-mode preventing any leaked packages due to only eventually consistent state • Blog post coming soon on blog.cilium.io
21 Encryption at rest: Kubernetes cluster state ✓ Storing etcd on encrypted and integrity protected disks ▪ Recovery: ✓ Automatically if at least one etcd node is healthy ▪ Manually via CLI in case of a disaster
22 Encryption at rest: Volumes Problem: Backend-encryption not enough – need in-cluster encryption ▪ CSI plugins for encrypted block storage (Azure Disk , Google PD) ▪ Encrypted RWX File and Blob storage based on Rook/Ceph
23 Node B Node A Storage DevOps engineer Cloud Attestation … bringing it all together
24 constellation config generate <cloud> constellation create constellation init kubectl [scale anything!] Demo
Conclusion
26 Container Container + Cloud storage DevOps engineer The first always encrypted Kubernetes
27 Protection against infrastructure based threats Status quo Datacenter employee BIOS & Firmware Host OS Hypervisor Cloud admin Guest OS Application Software and insiders with potential access to data. You don’t have to trust the cloud provider and cloud admins anymore. BIOS & Firmware Host OS Hypervisor Cloud admin Guest OS Application Datacenter employee Workload Infrastructure / cloud provider Workload Infrastructure / cloud provider
28 Learn more
29 Thanks! ▪ Check it out on GitHub: https://github.com/edgelesssys/constellation ▪ Get in touch via @m1ghtymo ▪ Or join us @ https://discord.gg/rH8QTH56JN Learn more CLI demo Features, benchmarks, etc. App demos:

Recommended

What is needed in the next generation cloud trusted platform ?
What is needed in the next generation cloud trusted platform ?What is needed in the next generation cloud trusted platform ?
What is needed in the next generation cloud trusted platform ?Priyanka Aash
 
Confidential Computing overview
Confidential Computing overviewConfidential Computing overview
Confidential Computing overviewMark Argent
 
Autopilot : Securing Cloud Native Storage
Autopilot : Securing Cloud Native StorageAutopilot : Securing Cloud Native Storage
Autopilot : Securing Cloud Native StorageSF Bay Cloud Native Open Infra Meetup
 
Kubernetes in Docker
Kubernetes in DockerKubernetes in Docker
Kubernetes in DockerDocker, Inc.
 
Containers and Nutanix - Acropolis Container Services
Containers and Nutanix - Acropolis Container ServicesContainers and Nutanix - Acropolis Container Services
Containers and Nutanix - Acropolis Container ServicesNEXTtour
 
.NET Fest 2019. Alex Thissen. Architecting .NET solutions in a Docker ecosystem
.NET Fest 2019. Alex Thissen. Architecting .NET solutions in a Docker ecosystem.NET Fest 2019. Alex Thissen. Architecting .NET solutions in a Docker ecosystem
.NET Fest 2019. Alex Thissen. Architecting .NET solutions in a Docker ecosystemNETFest
 
Gordon's secret session kubernetes on windows
Gordon's secret session kubernetes on windowsGordon's secret session kubernetes on windows
Gordon's secret session kubernetes on windowsDocker, Inc.
 
Kubernetes fingerprinting with Prometheus.pdf
Kubernetes fingerprinting with Prometheus.pdfKubernetes fingerprinting with Prometheus.pdf
Kubernetes fingerprinting with Prometheus.pdfKawimbaLofgrens
 

Recommended

What is needed in the next generation cloud trusted platform ?
What is needed in the next generation cloud trusted platform ?What is needed in the next generation cloud trusted platform ?
What is needed in the next generation cloud trusted platform ?Priyanka Aash
 
Confidential Computing overview
Confidential Computing overviewConfidential Computing overview
Confidential Computing overviewMark Argent
 
Autopilot : Securing Cloud Native Storage
Autopilot : Securing Cloud Native StorageAutopilot : Securing Cloud Native Storage
Autopilot : Securing Cloud Native StorageSF Bay Cloud Native Open Infra Meetup
 
Kubernetes in Docker
Kubernetes in DockerKubernetes in Docker
Kubernetes in DockerDocker, Inc.
 
Containers and Nutanix - Acropolis Container Services
Containers and Nutanix - Acropolis Container ServicesContainers and Nutanix - Acropolis Container Services
Containers and Nutanix - Acropolis Container ServicesNEXTtour
 
.NET Fest 2019. Alex Thissen. Architecting .NET solutions in a Docker ecosystem
.NET Fest 2019. Alex Thissen. Architecting .NET solutions in a Docker ecosystem.NET Fest 2019. Alex Thissen. Architecting .NET solutions in a Docker ecosystem
.NET Fest 2019. Alex Thissen. Architecting .NET solutions in a Docker ecosystemNETFest
 
Gordon's secret session kubernetes on windows
Gordon's secret session kubernetes on windowsGordon's secret session kubernetes on windows
Gordon's secret session kubernetes on windowsDocker, Inc.
 
Kubernetes fingerprinting with Prometheus.pdf
Kubernetes fingerprinting with Prometheus.pdfKubernetes fingerprinting with Prometheus.pdf
Kubernetes fingerprinting with Prometheus.pdfKawimbaLofgrens
 
OpenEBS Technical Workshop - KubeCon San Diego 2019
OpenEBS Technical Workshop - KubeCon San Diego 2019OpenEBS Technical Workshop - KubeCon San Diego 2019
OpenEBS Technical Workshop - KubeCon San Diego 2019MayaData Inc
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesQAware GmbH
 
Dok Talks #140 - Data protection of stateful environment
Dok Talks #140 - Data protection of stateful environmentDok Talks #140 - Data protection of stateful environment
Dok Talks #140 - Data protection of stateful environmentDoKC
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container PlatformSanjeev Rampal
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbain|u - The Open Security Community
 
Cloud orchestration risks
Cloud orchestration risksCloud orchestration risks
Cloud orchestration risksGlib Pakharenko
 
Docker San Diego 2015-03-25
Docker San Diego 2015-03-25Docker San Diego 2015-03-25
Docker San Diego 2015-03-25Casey Bisson
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17Mario-Leander Reimer
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackQAware GmbH
 
Container Security Mmanagement
Container Security MmanagementContainer Security Mmanagement
Container Security MmanagementSuresh Thivanka Rupasinghe
 
Here Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New WorldHere Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New WorldC4Media
 
VMworld 2014: The Software-Defined Datacenter, VMs, and Containers
VMworld 2014: The Software-Defined Datacenter, VMs, and ContainersVMworld 2014: The Software-Defined Datacenter, VMs, and Containers
VMworld 2014: The Software-Defined Datacenter, VMs, and ContainersVMworld
 
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"LogeekNightUkraine
 
Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019
Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019
Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019Alex Thissen
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Patrick Chanezon
 
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive KubernetesIBM France Lab
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryBlack Duck by Synopsys
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryTim Mackey
 
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico MeisenzahlHow to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico MeisenzahlContainerDay Security 2023
 
Container Security Scanning by Timo Pagel
Container Security Scanning by Timo PagelContainer Security Scanning by Timo Pagel
Container Security Scanning by Timo PagelContainerDay Security 2023
 

More Related Content

Similar to Constellation - The first always encrypted Kubernetes by Moritz Eckert

OpenEBS Technical Workshop - KubeCon San Diego 2019
OpenEBS Technical Workshop - KubeCon San Diego 2019OpenEBS Technical Workshop - KubeCon San Diego 2019
OpenEBS Technical Workshop - KubeCon San Diego 2019MayaData Inc
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesQAware GmbH
 
Dok Talks #140 - Data protection of stateful environment
Dok Talks #140 - Data protection of stateful environmentDok Talks #140 - Data protection of stateful environment
Dok Talks #140 - Data protection of stateful environmentDoKC
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container PlatformSanjeev Rampal
 
Cloud orchestration risks
Cloud orchestration risksCloud orchestration risks
Cloud orchestration risksGlib Pakharenko
 
Docker San Diego 2015-03-25
Docker San Diego 2015-03-25Docker San Diego 2015-03-25
Docker San Diego 2015-03-25Casey Bisson
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17Mario-Leander Reimer
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackQAware GmbH
 
Here Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New WorldHere Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New WorldC4Media
 
VMworld 2014: The Software-Defined Datacenter, VMs, and Containers
VMworld 2014: The Software-Defined Datacenter, VMs, and ContainersVMworld 2014: The Software-Defined Datacenter, VMs, and Containers
VMworld 2014: The Software-Defined Datacenter, VMs, and ContainersVMworld
 
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"LogeekNightUkraine
 
Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019
Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019
Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019Alex Thissen
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Patrick Chanezon
 
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive KubernetesIBM France Lab
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryBlack Duck by Synopsys
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryTim Mackey
 

Similar to Constellation - The first always encrypted Kubernetes by Moritz Eckert (20)

OpenEBS Technical Workshop - KubeCon San Diego 2019
OpenEBS Technical Workshop - KubeCon San Diego 2019OpenEBS Technical Workshop - KubeCon San Diego 2019
OpenEBS Technical Workshop - KubeCon San Diego 2019
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit Kubernetes
 
Dok Talks #140 - Data protection of stateful environment
Dok Talks #140 - Data protection of stateful environmentDok Talks #140 - Data protection of stateful environment
Dok Talks #140 - Data protection of stateful environment
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container Platform
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
 
Cloud orchestration risks
Cloud orchestration risksCloud orchestration risks
Cloud orchestration risks
 
Docker San Diego 2015-03-25
Docker San Diego 2015-03-25Docker San Diego 2015-03-25
Docker San Diego 2015-03-25
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stack
 
Container Security Mmanagement
Container Security MmanagementContainer Security Mmanagement
Container Security Mmanagement
 
Here Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New WorldHere Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New World
 
VMworld 2014: The Software-Defined Datacenter, VMs, and Containers
VMworld 2014: The Software-Defined Datacenter, VMs, and ContainersVMworld 2014: The Software-Defined Datacenter, VMs, and Containers
VMworld 2014: The Software-Defined Datacenter, VMs, and Containers
 
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
Ivan Zhuravel and Ihor Khlaponin "DC/OS vs Kubernetes. Let the Fight Begin!"
 
Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019
Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019
Architecting .NET solutions in a Docker ecosystem - .NET Fest Kyiv 2019
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
 
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 

More from ContainerDay Security 2023

How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico MeisenzahlHow to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico MeisenzahlContainerDay Security 2023
 
Cloud Hacking Scenarios by Michał Brygidyn Mar. 10, 2023 • 0 likes •
Cloud Hacking Scenarios by Michał Brygidyn Mar. 10, 2023 • 0 likes •Cloud Hacking Scenarios by Michał Brygidyn Mar. 10, 2023 • 0 likes •
Cloud Hacking Scenarios by Michał Brygidyn Mar. 10, 2023 • 0 likes •ContainerDay Security 2023
 
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico MeisenzahlHow to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico MeisenzahlContainerDay Security 2023
 
Hardening automation with Kubespray by Alessio Greggi
Hardening automation with Kubespray by Alessio GreggiHardening automation with Kubespray by Alessio Greggi
Hardening automation with Kubespray by Alessio GreggiContainerDay Security 2023
 
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...ContainerDay Security 2023
 
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn ContainerDay Security 2023
 
Constellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertConstellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertContainerDay Security 2023
 
Lines of Defense - Securing your Kubernetes Clusters by Koray Oksay
Lines of Defense - Securing your Kubernetes Clusters by Koray OksayLines of Defense - Securing your Kubernetes Clusters by Koray Oksay
Lines of Defense - Securing your Kubernetes Clusters by Koray OksayContainerDay Security 2023
 

More from ContainerDay Security 2023 (11)

How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico MeisenzahlHow to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
 
Container Security Scanning by Timo Pagel
Container Security Scanning by Timo PagelContainer Security Scanning by Timo Pagel
Container Security Scanning by Timo Pagel
 
Cloud Hacking Scenarios by Michał Brygidyn Mar. 10, 2023 • 0 likes •
Cloud Hacking Scenarios by Michał Brygidyn Mar. 10, 2023 • 0 likes •Cloud Hacking Scenarios by Michał Brygidyn Mar. 10, 2023 • 0 likes •
Cloud Hacking Scenarios by Michał Brygidyn Mar. 10, 2023 • 0 likes •
 
Container Security Scanning by Timo Pagel
Container Security Scanning by Timo PagelContainer Security Scanning by Timo Pagel
Container Security Scanning by Timo Pagel
 
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico MeisenzahlHow to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl
 
Hardening automation with Kubespray by Alessio Greggi
Hardening automation with Kubespray by Alessio GreggiHardening automation with Kubespray by Alessio Greggi
Hardening automation with Kubespray by Alessio Greggi
 
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
Enhancing Network and Runtime Security with Cilium and Tetragon by Raymond De...
 
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
 
Constellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz EckertConstellation - The first always encrypted Kubernetes by Moritz Eckert
Constellation - The first always encrypted Kubernetes by Moritz Eckert
 
Cloud Hacking Scenarios by Michał Brygidyn
Cloud Hacking Scenarios by Michał BrygidynCloud Hacking Scenarios by Michał Brygidyn
Cloud Hacking Scenarios by Michał Brygidyn
 
Lines of Defense - Securing your Kubernetes Clusters by Koray Oksay
Lines of Defense - Securing your Kubernetes Clusters by Koray OksayLines of Defense - Securing your Kubernetes Clusters by Koray Oksay
Lines of Defense - Securing your Kubernetes Clusters by Koray Oksay
 

Recently uploaded

How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringWSO2
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....rightmanforbloodline
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxMarkSteadman7
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 

Recently uploaded (20)

How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

Constellation - The first always encrypted Kubernetes by Moritz Eckert