Kubernetes allows you to build highly scalable containerized services, scale them and deploy them wherever you want. Using Kubernetes for datacenter orchestration allows you to move to a software-defined model for managing your infrastructure and software. It provides many things you need to deploy and scale your stack using containers, from networking, to storage APIs, and rich APIs for managing deployments and monitoring your infrastructure. Your services scale horizontally, they heal themselves, and magic happens. But someone has to keep it all secure.
In this presentation, I will share some security do’s and don’ts from experience with building a microservice architecture with Kubernetes. There are many layers to examine, including the usual suspects like authentication and authorization. We also need to think about secrets management, segmentation, and running containers as securely as possible.
We’ll look at how to securely deploy, design, and configure your environment and how to properly segment and isolate your services. We will examine how to reduce the attack surface through built-in security features and by implementing least-privilege access across your user and service accounts. I will also demonstrate an open-source tool called kubemate that automates analysis across your Kubernetes clusters and allows you to ask them complex questions about security architecture. At the end of this presentation, you’ll be prepared to make good secure architectural decisions from the beginning while using Kubernetes.