Building Secure Kubernetes Clusters with Identity Management

Presented at BSidesDC 2019, Oct. 25, 2019, 8 a.m. (240 minutes)

What goes into building a secure Kubernetes cluster? Most of the reading you’ll find focuses on TLS and container design. An area that is often overlooked is identity management. Who’s accessing the cluster? Why do they need access? Do they still need access? Are they accessing the cluster using the correct credentials? In this class we’ll build a Kubernetes cluster with identity management as the primary focus. You’ll learn how to:

  1. Use centralized authentication for the nodes and masters at the host level
  2. Integrate a running cluster with OpenID Connect
  3. Automate the creation of network and pod security policies
  4. Lock down access to the Kubernetes dashboard
  5. Integrate Jenkins into your cluster and lock down its access

In addition to building your cluster, we’ll explore how identity interacts with your pipeline and container registry strategies. By the time you’re done with this class you’ll have seen how identity and automation play a crucial role in securing your clusters.
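
As an added illustration of items 2 and 4 above (this is editor-supplied example configuration, not material from the class or from Tremolo Security), the following shows the two halves of wiring an existing cluster to OpenID Connect: the kube-apiserver flags that make the API server trust an IdP's id_tokens, and the RBAC binding that turns an authenticated IdP group into a scoped, least-privilege set of rights. The issuer URL, client id, group names and the `team-a` namespace are assumed values.

```yaml
# Added example (not from the talk). Assumed values: issuer https://idp.example.com,
# OIDC client id "kubernetes", IdP group "k8s-dev", namespace "team-a".

# 1. Authentication: kube-apiserver flags. On a kubeadm host these live in the
#    static pod manifest /etc/kubernetes/manifests/kube-apiserver.yaml; only the
#    OIDC flags are shown, other flags are left unchanged.
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    # Must be https; the API server fetches <issuer>/.well-known/openid-configuration
    # and the JWKS it points to, so the issuer's CA must be trusted by the control plane
    # (or passed with --oidc-ca-file).
    - --oidc-issuer-url=https://idp.example.com
    # The id_token "aud" claim must equal this value or the token is rejected.
    - --oidc-client-id=kubernetes
    - --oidc-username-claim=email
    - --oidc-groups-claim=groups
    # Prefixes keep IdP-supplied identities from colliding with built-in names.
    # Without --oidc-groups-prefix, a group literally named "system:masters" at
    # the IdP would arrive as the cluster-admin group.
    - --oidc-username-prefix=oidc:
    - --oidc-groups-prefix=oidc:
---
# 2. Authorization: authentication alone grants nothing (an OIDC user with no
#    binding gets 403). Bind the prefixed group to a namespaced role rather than
#    handing out cluster-admin.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-developers
  namespace: team-a
subjects:
- kind: Group
  name: oidc:k8s-dev          # --oidc-groups-prefix + the value of the "groups" claim
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit                  # built-in role: read/write most namespaced objects,
  apiGroup: rbac.authorization.k8s.io   # cannot create Roles or RoleBindings
---
# 3. Client side: a kubeconfig user entry that presents the id_token. Values in
#    angle brackets are placeholders obtained from the IdP.
apiVersion: v1
kind: Config
users:
- name: alice
  user:
    auth-provider:
      name: oidc
      config:
        idp-issuer-url: https://idp.example.com
        client-id: kubernetes
        client-secret: <client secret>
        id-token: <id_token issued by the IdP>
        refresh-token: <refresh token>
```

Before handing out tokens, a cluster admin can check the binding with impersonation, e.g. `kubectl auth can-i get pods -n team-a --as=oidc:alice@example.com --as-group=oidc:k8s-dev` (expected `yes`) and the same request against `kube-system` (expected `no`). The same pattern applies to the dashboard: give it a ServiceAccount with no cluster-wide binding and have users sign in with their own OIDC token, so the dashboard's identity is never the one that holds the rights.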

Presenters:

  • Marc Boorshtein - CTO at Tremolo Security, Inc.
    Marc has nearly fifteen years of identity, credential, and access management experience coming from backgrounds in software engineering, product development, and consulting. He is experienced in designing, building and deploying solutions, as well as working directly with security teams to analyze compliance requirements and their impacts for remediation. Marc has led the architecture teams for multiple civilian agencies’ FICAM programs. He has spoken at KubeCon 2017, Google’s DevFest 2016, and ISSA, and has given multiple briefings on identity management for OpenShift Commons. He also presented on OpenShift identity management at Red Hat Summit in 2017.
