Speaker Details

Vincent Bodiou

I discovered computing when I was 10, thanks to my brothers, and I have never stopped since.

I started out with C++, then discovered a world without pointers with Java; today I deploy highly scalable apps using K8S, it's awesome!

How to secure a Kubernetes cluster from scratch?
Deep Dive (INTERMEDIATE level)
Room 9

"You have just deployed your first Kubernetes cluster. You are about to make it accessible to your developers, but your CISO comes down on you: he asks you to present all the measures taken to secure the cluster." We will start by auditing the technical configuration of a Kubernetes cluster in order to identify vulnerabilities and apply patches to technical components. We will continue by using Kubernetes primitives to implement security mechanisms (RBAC, AdmissionController, NetworkPolicy, SecurityContext, ...). We will then enrich the cluster with Open Policy Agent, a rules engine that allows finer-grained control than the Kubernetes primitives. We will also integrate Falco, a behavior analyzer, to detect suspicious actions performed within containers and at the Kubernetes API Server level. We will end with the implementation of a CI/CD pipeline integrating a vulnerability analysis carried out with Clair in order to detect compromised images during the build.