Kubernetes Security: A Developer's Nightmare?

Abstract

With the rise of Kubernetes, the Java developer has arrived in the SecDevOps age as well. But by the multitude of complex tasks, the necessary security is often neglected. Even in managed clusters of well-known cloud providers, there are many points of attack waiting to be exploited.

In this session, the security-critical components of a Kubernetes cluster are presented from a developer’s perspective. Typical security problems and corresponding measures to mitigate these will be shown. This includes topics such as Linux namespaces and capabilities, container security and pod security policies.

By the end of this presentation, you will know more thoroughly the essence of secure development on Kubernetes and how to escape the developer’s security nightmare.

Outline

Developing applications and deploying these securely as containerized instances into Kubernetes is hard. Kubernetes is a complex beast for developers. In this session attendees can expect to learn about:

• Linux security basics for (docker) containers
• How to create containers with secure coding patterns (like running with non-root etc.)
• Security patterns for Kubernetes (like pod security context etc.)
• Securely handling secrets in Kubernetes
• Useful tools for container image scanning, evaluating Kubernetes YAML configurations