Suraj Deshmukh, profile picture
Uploaded bySuraj Deshmukh
491 views

Kubernetes Security Updates from Kubecon 2018 Seattle

The document outlines recent Kubernetes security updates and new features, such as enhanced service account token management, the introduction of runtime class capabilities for heterogeneous container runtimes, and node restriction improvements. It also highlights the graduation of secret data encryption at rest and dynamic audit backend configurations. Additional announcements include a forthcoming bug bounty program and references to further resources and community engagement.

Embed presentation

Download to read offline
Kubernetes Security Updates Suraj Deshmukh
$ whoami ● Suraj Deshmukh ● works @ Kinvolk ● Twitter @surajd_ ● Kubernetes Slack @surajd ● Blog suraj.io
ServiceAccount
Features ● Fixed limited duration ● Every pod gets a different service account token ● Kubelet handles rotation of the token ● Force rotate by restarting the pod ● Not stored in secret, directly mounted inside the pod ● Need to re-read the token since it changes periodically ● Specify audiences so token is valid to talk to only those services
New API TokenRequest TokenRequestProjection BoundServiceAccountTokenVolume KEP: Service Account Token Volumes & Bound Service Account Tokens
RuntimeClass
Features ● Run heterogeneous container runtimes in cluster, allows you to run VMs and containers together. ● Scheduling based on RuntimeClass is work in progress. KEP: Runtime Class
● Field in PodSpec called runtimeClassName ● RuntimeClass New API
NodeRestriction
Features ● Add restriction to kubelet ● Node isolation ● Prevent nodes from updating taints & their own labels specifically node-restriction.kubernetes.io/* ● Can’t delete the node object itself ● Warn on whitelisted modifications
Encrypting Secret Data at Rest
Features ● Graduated from experimental ● Define what resources you want to be encrypted ● Supports various encryption providers: aescbc, secretbox, aesgcm, kms ● Solves the long standing problem of credentials not being safe with Kubernetes.
EncryptionConfiguration New API
Dynamic Audit backend
Features ● Dynamically configure the audit backends ● No need to provide information to apiserver via flags
New API AuditSink
Other announcements ● Bug bounty program is coming to Kubernetes
References ● Transition ServiceAccount admission controller to improved service account token volumes #70679 ● Kubernetes Contributor Summit 2018 - Security Through the Ages ● Deep Dive: Container Identity WG - Greg Castle & Michael Danese, Google ● Encrypting Secret Data at Rest ● NodeRestriction ● Dynamic Backend ● Audit in Kubernetes, the Future is Here - Stefan Schimanski & Maciej Szulik, Red Hat
Connect with us ● Twitter @k8sBLR ● Join Kubernetes slack slack.k8s.io and channel #in-dev & #in-users ● GSOC for Kubernetes announced!
Kubernetes Security Updates from Kubecon 2018 Seattle

More Related Content

PDF
Hardening Kubernetes by Securing Pods
bySuraj Deshmukh
 
PDF
User authentication and authorizarion in Kubernetes
byNeependra Khare
 
PDF
Role based access control - RBAC - Kubernetes
byMilan Das
 
PDF
Kubescape single pane of glass
byLibbySchulze1
 
PDF
Whats new in brigade 2
byLibbySchulze
 
PDF
Intro to creating kubernetes operators
byJuraj Hantak
 
PDF
The evolving container landscape
byNilesh Trivedi
 
PDF
What you have to know about Certified Kubernetes Administrator (CKA)
byOpsta
 
Hardening Kubernetes by Securing Pods
bySuraj Deshmukh
 
User authentication and authorizarion in Kubernetes
byNeependra Khare
 
Role based access control - RBAC - Kubernetes
byMilan Das
 
Kubescape single pane of glass
byLibbySchulze1
 
Whats new in brigade 2
byLibbySchulze
 
Intro to creating kubernetes operators
byJuraj Hantak
 
The evolving container landscape
byNilesh Trivedi
 
What you have to know about Certified Kubernetes Administrator (CKA)
byOpsta
 

What's hot

PDF
Mirantis Contributions to Kubernetes Ecosystem
byMoscowKubernetes
 
PDF
DCSF19 Deploying Istio as an Ingress Controller
byDocker, Inc.
 
PPTX
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
byCodemotion
 
PDF
Istio (service mesh) why and how
byMilan Das
 
PDF
Kubernetes Policy As Code usando WebAssembly | Flavio Castelli
byKCDItaly
 
PPTX
Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan
byVMware Tanzu
 
PDF
Introduction of Kubernetes - Trang Nguyen
byTrang Nguyen
 
PDF
Getting started with Azure Container Service (AKS)
byJanakiram MSV
 
PDF
What is Google Cloud Good For at DevFestInspire 2021
byRobert John
 
PDF
Introduction to Kubernetes and Google Container Engine (GKE)
byOpsta
 
PDF
Meetup 22 - 04 - Logging and Monitoring at scale on Kubernetes
byVietnam Open Infrastructure User Group
 
PDF
Kubernetes - Security Journey
byJerry Jalava
 
ODP
Kubernetes Architecture
byKnoldus Inc.
 
PDF
16. Cncf meetup-docker
byJuraj Hantak
 
PDF
Introduction to Kubernetes with demo
byOpsta
 
PDF
Service Mesh For Beginner
byMien Dinh
 
PDF
Extending Kubernetes
byJohannes Rudolph
 
PPTX
Kubernetes Security
byKarthik Gaekwad
 
PDF
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...
byCodemotion
 
PDF
Secure your Quarkus applications | DevNation Tech Talk
byRed Hat Developers
 
Mirantis Contributions to Kubernetes Ecosystem
byMoscowKubernetes
 
DCSF19 Deploying Istio as an Ingress Controller
byDocker, Inc.
 
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
byCodemotion
 
Istio (service mesh) why and how
byMilan Das
 
Kubernetes Policy As Code usando WebAssembly | Flavio Castelli
byKCDItaly
 
Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan
byVMware Tanzu
 
Introduction of Kubernetes - Trang Nguyen
byTrang Nguyen
 
Getting started with Azure Container Service (AKS)
byJanakiram MSV
 
What is Google Cloud Good For at DevFestInspire 2021
byRobert John
 
Introduction to Kubernetes and Google Container Engine (GKE)
byOpsta
 
Meetup 22 - 04 - Logging and Monitoring at scale on Kubernetes
byVietnam Open Infrastructure User Group
 
Kubernetes - Security Journey
byJerry Jalava
 
Kubernetes Architecture
byKnoldus Inc.
 
16. Cncf meetup-docker
byJuraj Hantak
 
Introduction to Kubernetes with demo
byOpsta
 
Service Mesh For Beginner
byMien Dinh
 
Extending Kubernetes
byJohannes Rudolph
 
Kubernetes Security
byKarthik Gaekwad
 
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...
byCodemotion
 
Secure your Quarkus applications | DevNation Tech Talk
byRed Hat Developers
 

Similar to Kubernetes Security Updates from Kubecon 2018 Seattle

PPTX
12 Ways Not to get 'Hacked' your Kubernetes Cluster
bySuman Chakraborty
 
PDF
Introduction to Kubernetes Security (Aqua & Weaveworks)
byWeaveworks
 
PDF
Attacking and Defending Kubernetes - Nithin Jois
byOWASP Hacker Thursday
 
PDF
Introduction to Kubernetes RBAC
byKublr
 
PDF
Shifting security left simplifying security for k8s open shift environments
byLibbySchulze
 
PDF
Download full Managing Kubernetes operating Kubernetes clusters in the real w...
byduduhasikul
 
PPTX
Kubernetes Security Act Now Before It’s Too Late
byMichael Furman
 
PDF
Appsecco Kubernetes Hacking Masterclass Presentation Slides
byAppsecco
 
PPTX
Kubernetes_Security_In_Depth_Practical r
byCseManit
 
PDF
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
byDevOpsDays Riga
 
PDF
Cloud Native Aachen Meetup - Aug 21, 2025
byroehlclemens
 
PDF
Autodesk Fusion 360 Crack + License Key Free
bytaniyaali162
 
PDF
SmartFTP Enterprise 10.0.3277 Crack + License Key [2025]
byroppashagger
 
PDF
Hardening Kubernetes Cluster
byKnoldus Inc.
 
PDF
SCaLE 19x - Eric Smalling - Hardening against Kubernetes Hacks
byEric Smalling
 
PDF
Kubernetes 1.27 Webinar.pdf
byLibbySchulze1
 
PDF
Managing Kubernetes operating Kubernetes clusters in the real world First Edi...
byjayedmonotbp
 
PPTX
Basics of Kubernetes on BOSH: Run Production-grade Kubernetes on the SDDC
byMatt McNeeney
 
PDF
Kubernetes Security Best Practices for DevOps
byDevOps.com
 
PDF
DevOpsDays Chicago 2022 - Hands-on hacking containers and ways to prevent it
byEric Smalling
 
12 Ways Not to get 'Hacked' your Kubernetes Cluster
bySuman Chakraborty
 
Introduction to Kubernetes Security (Aqua & Weaveworks)
byWeaveworks
 
Attacking and Defending Kubernetes - Nithin Jois
byOWASP Hacker Thursday
 
Introduction to Kubernetes RBAC
byKublr
 
Shifting security left simplifying security for k8s open shift environments
byLibbySchulze
 
Download full Managing Kubernetes operating Kubernetes clusters in the real w...
byduduhasikul
 
Kubernetes Security Act Now Before It’s Too Late
byMichael Furman
 
Appsecco Kubernetes Hacking Masterclass Presentation Slides
byAppsecco
 
Kubernetes_Security_In_Depth_Practical r
byCseManit
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
byDevOpsDays Riga
 
Cloud Native Aachen Meetup - Aug 21, 2025
byroehlclemens
 
Autodesk Fusion 360 Crack + License Key Free
bytaniyaali162
 
SmartFTP Enterprise 10.0.3277 Crack + License Key [2025]
byroppashagger
 
Hardening Kubernetes Cluster
byKnoldus Inc.
 
SCaLE 19x - Eric Smalling - Hardening against Kubernetes Hacks
byEric Smalling
 
Kubernetes 1.27 Webinar.pdf
byLibbySchulze1
 
Managing Kubernetes operating Kubernetes clusters in the real world First Edi...
byjayedmonotbp
 
Basics of Kubernetes on BOSH: Run Production-grade Kubernetes on the SDDC
byMatt McNeeney
 
Kubernetes Security Best Practices for DevOps
byDevOps.com
 
DevOpsDays Chicago 2022 - Hands-on hacking containers and ways to prevent it
byEric Smalling
 

More from Suraj Deshmukh

PDF
Building Container Defence Executable at a Time.pdf
bySuraj Deshmukh
 
PDF
Kubernetes psp and beyond
bySuraj Deshmukh
 
PDF
Making kubernetes simple for developers
bySuraj Deshmukh
 
PDF
Microservices on Kubernetes - The simple way
bySuraj Deshmukh
 
PDF
Kubernetes on CRI-O
bySuraj Deshmukh
 
PDF
Taking containers from development to production
bySuraj Deshmukh
 
PDF
JSONSchema with golang
bySuraj Deshmukh
 
PDF
What's new in kubernetes 1.3?
bySuraj Deshmukh
 
PDF
Python testing using mock and pytest
bySuraj Deshmukh
 
PDF
OpenShift meetup Bangalore
bySuraj Deshmukh
 
PDF
macvlan and ipvlan
bySuraj Deshmukh
 
PDF
Henge
bySuraj Deshmukh
 
Building Container Defence Executable at a Time.pdf
bySuraj Deshmukh
 
Kubernetes psp and beyond
bySuraj Deshmukh
 
Making kubernetes simple for developers
bySuraj Deshmukh
 
Microservices on Kubernetes - The simple way
bySuraj Deshmukh
 
Kubernetes on CRI-O
bySuraj Deshmukh
 
Taking containers from development to production
bySuraj Deshmukh
 
JSONSchema with golang
bySuraj Deshmukh
 
What's new in kubernetes 1.3?
bySuraj Deshmukh
 
Python testing using mock and pytest
bySuraj Deshmukh
 
OpenShift meetup Bangalore
bySuraj Deshmukh
 
macvlan and ipvlan
bySuraj Deshmukh
 
Henge
bySuraj Deshmukh
 

Recently uploaded

PDF
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
PDF
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
PDF
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
PDF
The Modern Architect's Codex: Design Patterns in .NET 9
byVineet Sharma
 
PDF
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
PPTX
Prime Teams – Real-Time Employee Monitoring & Project Management Software
byPrime Teams
 
PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PPTX
Topic: Introduction to Storage Elements Flip-Flops.pptx
byhn486916
 
PPTX
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
PDF
ACE Aarhus February 2026: Atlassian news
byDanielEriksen5
 
PDF
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
PDF
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
PPTX
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
The Ultimate Guide to Real Estate Tokenization Platforms
byDaniel Smith
 
PDF
Mastering Zero-Allocation Parsers: A Deep Dive into High-Performance C#
byVineet Sharma
 
PDF
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
PDF
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
PDF
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
PDF
Routing Guidelines: Unlocking Smarter Query Routing in MySQL Architectures
byMiguel Araújo
 
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
The Modern Architect's Codex: Design Patterns in .NET 9
byVineet Sharma
 
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
Prime Teams – Real-Time Employee Monitoring & Project Management Software
byPrime Teams
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
Topic: Introduction to Storage Elements Flip-Flops.pptx
byhn486916
 
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
ACE Aarhus February 2026: Atlassian news
byDanielEriksen5
 
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
The Ultimate Guide to Real Estate Tokenization Platforms
byDaniel Smith
 
Mastering Zero-Allocation Parsers: A Deep Dive into High-Performance C#
byVineet Sharma
 
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
Routing Guidelines: Unlocking Smarter Query Routing in MySQL Architectures
byMiguel Araújo
 

Kubernetes Security Updates from Kubecon 2018 Seattle