Kubernetes security
● You can think about security in layers.
● The 4C's of Cloud Native security are Cloud, Clusters, Containers, and Code.
https://kubernetes.io/docs/concepts/security/overview/
Kubernetes security
● Cloud
● Network, Host, Endpoint security
● Data protection and encryption
● Identity and Access management
● Vulnerability and Config analytics
● Logging, Monitoring, Tracing
● ・・・
Kubernetes-native security tool kit
● Integrates security tools into the k8s environment.
● Users can find and view risks.
● Starboard provides CRDs and a Go module to work with those tools.
● v0.2.5 (2020/6/28)
https://github.com/aquasecurity/starboard
● Overview
Kubernetes-native security tool kit
● Roadmap
● Roll-up of security risk information in each namespace
● Starboard Admission Webhook that can take policy decisions based on the security information from any Starboard-compatible CRD
● ・・・
https://blog.aquasec.com/starboard-kubernetes-tools
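The two roadmap items above, sketched as an added example (not code from Starboard or from the original slides): a per-namespace roll-up of findings and an admission-style decision taken from it. The `Report` and `Finding` types, the `Admit` rule and the sample data are assumptions made for illustration, not Starboard's CRD schema.

```go
package main

import "fmt"

// Finding and Report are a simplified, hypothetical shape for this example,
// not the schema of Starboard's CRDs.
type Finding struct{ ID, Severity string }

type Report struct {
	Namespace, Workload string
	Findings            []Finding
}

// RollUp counts findings per namespace and severity across all reports.
func RollUp(reports []Report) map[string]map[string]int {
	out := map[string]map[string]int{}
	for _, r := range reports {
		if out[r.Namespace] == nil {
			out[r.Namespace] = map[string]int{} // scanned, possibly clean
		}
		for _, f := range r.Findings {
			out[r.Namespace][f.Severity]++
		}
	}
	return out
}

// Admit is the kind of decision a webhook could take from the roll-up
// (hypothetical rule): reject when the CRITICAL count exceeds the limit.
// A namespace with no report at all is rejected as well (fail closed).
func Admit(rollup map[string]map[string]int, ns string, maxCritical int) bool {
	counts, scanned := rollup[ns]
	return scanned && counts["CRITICAL"] <= maxCritical
}

// Constructed sample data; the IDs are placeholders, not real advisories.
var sample = []Report{
	{"prod", "deployment/web", []Finding{{"EXAMPLE-0001", "CRITICAL"}, {"EXAMPLE-0002", "HIGH"}}},
	{"prod", "deployment/api", []Finding{{"EXAMPLE-0003", "HIGH"}}},
	{"dev", "deployment/web", nil},
}

func main() {
	rollup := RollUp(sample)
	for _, ns := range []string{"prod", "dev", "staging"} {
		fmt.Println(ns, rollup[ns], "admit:", Admit(rollup, ns, 0))
	}
}
```

The unscanned `staging` namespace is rejected rather than treated as clean, which is the case a roll-up-based policy most easily gets wrong.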
Getting Started
Check
# starboard polaris
Getting Started
Check
# starboard kube-hunter
Getting Started
Starboard CLI
Usage:
  starboard [command]

Available Commands:
  cleanup      Delete custom resource definitions created by starboard
  find         Manage security scanners
  get          Get security reports
  help         Help about any command
  init         Create custom resource definitions used by starboard
  kube-bench   Run the CIS Kubernetes Benchmark https://www.cisecurity.org/benchmark/kubernetes
  kube-hunter  Hunt for security weaknesses
  polaris      Run a variety of checks to ensure that Kubernetes pods and controllers are configured using best practices
  rbac         Get RBAC config to run starboard
  version      Print the version information
Takeaways
Points of interest to me
● Operational Functions
● Filtering of vulnerability check results in octant
● PCI-DSS / HIPAA / GDPR
● Issue Management / Triage
● Alerting / Reporting
● Availability of CSRD
If you’re interested,
let’s contribute to starboard
and grow it!