Securing Kubernetes

Presented at BSidesSF 2017, Feb. 13, 2017, 2:10 p.m. (30 minutes)

The talk will begin with an overview of Kubernetes concepts and individual components. Next, I will walk through how authentication and authorization work in Kubernetes. Finally, I will explain how Hashicorp Vault's PKI backend can be used to issue certificates for Kubernetes transport security and authentication, and assist with authorization (by embedding group membership information within client certificates).

Presenters:

• Jesse Endahl - CSO & CPO - Fleetsmith
  Jesse is co-founder, CPO, and CSO at Fleetsmith. He previously worked at Dropbox, where he spent a year as an IT Engineer and two and a half years as an Infrastructure Security Engineer. Prior to Dropbox, he was the IT Manager at C&T Publishing, a publishing house in the Bay Area. Jesse cut his teeth on all things Apple early in his career, working as a Genius at the Apple Store during college. He studied Political Economy & Urbanization at the University of California, Berkeley, and is a classically trained vocalist.

Links:

• https://bsidessf2017.sched.com/event/9ILd/securing-kubernetes

Similar Presentations:

• Canterbury Hacker Camp (2022) / Attack on Kubernetes
• HushCon Seattle 2019 / Down the sinkhole with kubernetes
• DerbyCon 9.0 Finish Line (2019) / Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty