How to secure a Kubernetes cluster from scratch?
Deep Dive (INTERMEDIATE level)
Room 9

"You have just deployed your first Kubernetes cluster. You are about to make it accessible to your developers, but your CISO comes down on you: he asks you to present all the measures taken to secure the cluster." We will start by auditing the technical configuration of a Kubernetes cluster in order to identify vulnerabilities and apply patches to technical components. We will continue by using Kubernetes primitives to implement security mechanisms (RBAC, AdmissionController, NetworkPolicy, SecurityContext, ...). We will then enrich the cluster with Open Policy Agent, a rules engine that allows finer-grained control than the Kubernetes primitives. We will also integrate Falco, a behavior analyzer that detects suspicious actions performed within containers and at the Kubernetes API Server level. We will end with the implementation of a CI/CD pipeline integrating a vulnerability analysis carried out with Clair in order to detect compromised images during the build.

Marion Nicolé

A former geoscientist, I landed in the IT world by chance to discover a whole new world: Kubernetes and DevOps! I have been working on these subjects for a few years with a strong architecture dimension, enthusiasm and eagerness to discover it all. But is there an end to the Open Source Kingdom...?

Ludovic TOISON
NFQ Asia

Passionate about computers since my childhood, I programmed my first website at 12 years old and I have never stopped coding since. After having built distributed systems in Java, I became interested in deploying and operating these systems in production with a particular emphasis on observability. I have been working for several years with Docker, Mesos/Marathon, Kubernetes, and Istio as a Technical Architect in order to support organizations in implementing these solutions.

Vincent Bodiou

I discovered computing when I was 10 thanks to my brothers, and I have never stopped since.

I started out with C++ and I discovered a world without pointers with Java. Today I deploy highly scalable apps using K8S, it's awesome!