The Art of Building Secure Kubernetes Pipelines

Slides for the talk at KubeSec Enterprise Online 2021, on 11 February 2021.

Renaldi Gondosubroto

February 10, 2021

Transcript

  1. Presented to you by: KubeSec Enterprise Online, A Webinar Series

    www.aquasec.com | @AquaSecTeam | #KubeSec2021
  2. Housekeeping

    • Questions: To ask a question, click on the Question button on the right-hand chat menu
    • Recording: A recording of this session will be made available to all attendees
    • Feedback: Feedback on the webinar series and topics you’d like to see are welcome at [email protected]
  3. A Bit About Myself

    Renaldi Gondosubroto, Founder and Developer Advocate @ GReS Studio (@Renaldig, @renaldigondosubroto)
    • 12x AWS, 3x Azure Certified and 2x Google Cloud Certified
    • Personal field of interest is in penetration testing and accessibility practices
    • On the side: Running meetups, hackathons, doing tech talks and VR tech enthusiast
  4. The Agenda

    • 01 The Motivation
    • 02 Vulnerability Scanning
    • 03 Admission Controllers
    • 04 Security Guidelines for Business
    • 05 What we Got Out of it
  5. Poll #1: Where do you run your Kubernetes containers?

    • A. On-premises
    • B. On the cloud
    • C. Hybrid
  6. The Motivation

    • Keeping updated with the world of cybersecurity, especially with the ‘work from home’ culture
    • The growing use of Kubernetes
    • Securing infrastructure from the start and continuously
  7. Vulnerability Scanning – An Overview

    • Understanding it depends on understanding the tool’s scope
    • Can be as shallow as scanning operating system package manager versions
    • Can go deeper to check permissions of entities, policies, etc.
  8. Approaches to Vulnerability Scanning

    So what’s scanned?
    • Packages (OS, app library)
    • Configurations
    • Secrets
    • Compressed files
    Scan encompasses all or a few layers
    [Figure: image layers with sizes: 81e53fs1192 (0B), d83526jy5593 (1.762 KB), c5251b82621 (186.5 KB), b2c5g55d7f3s (190.2 MB)]
  9. Building with Admission Controllers

    [Diagram: API request path] API HTTP handler → Authentication → Authorization → Mutating admission (Webhook) → Object Schema Validation → Validating admission (Webhook) → Persisted to etcd
  10. Deciding Security Guidelines for your Business

    • What are your current security guidelines?
    • Are security practitioners in the company already used to the practices (e.g. image scanning)?
    • What are the security considerations that need to be considered?
  11. Poll #2: Which Methodology Do You Use for Developing and Security?

    • A. DevSecOps
    • B. DevOps
    • C. Agile
    • D. Waterfall
    • E. Other
  12. The Future of Kubernetes Security

    • The continuous notion of policy as security
    • The left and right shift of container security
    • The greater need for in during work from home
  13. What we Got Out of it

    • Better practices for future groundwork
    • Better client feedback
    • Better Analytics
  14. The Wrap-up

    • Simple: It’s simple to implement
    • Up-to-date: Users appreciate security with updates
    • Usability: Ensure that the service is still usable
    • Code as security: Because it’s all about the code
    • Feedback: Continuous evaluation through feedback builds security
    • Future: Use it as a pathway towards future security
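
Slide 9 lists validating admission and webhooks in the API request path, and slide 10 mentions image scanning as a practice. As an added example (not from the talk or its slides), this is the decision logic a validating webhook could apply to an `admission.k8s.io/v1` AdmissionReview for Pods. The registry allowlist, the tag rule and the sample requests are assumptions constructed for illustration.

```python
# Added example: decision logic of a validating admission webhook.
# The policy and the registry name are assumptions made for illustration.
APPROVED_REGISTRIES = ("registry.example.internal/",)  # constructed value


def image_violations(pod_spec):
    """Return a list of policy violations for the container images in a Pod spec."""
    problems = []
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    for c in containers:
        image = c.get("image", "")
        if not image.startswith(APPROVED_REGISTRIES):
            problems.append(f"{c.get('name')}: image {image!r} is not from an approved registry")
        # Only the last path segment can hold a tag; a registry port also uses ':'.
        last = image.rsplit("/", 1)[-1]
        if "@" not in last and (":" not in last or last.endswith(":latest")):
            problems.append(f"{c.get('name')}: image {image!r} uses a mutable or missing tag")
    return problems


def review(admission_review):
    """Build the AdmissionReview response for an admission.k8s.io/v1 request."""
    request = admission_review["request"]
    obj = request.get("object") or {}
    problems = image_violations(obj.get("spec", {})) if obj.get("kind") == "Pod" else []
    # The response must echo the request uid so the API server can match it.
    response = {"uid": request["uid"], "allowed": not problems}
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


def sample_request(uid, image):
    """Constructed AdmissionReview request for a single-container Pod."""
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "request": {
            "uid": uid,
            "operation": "CREATE",
            "object": {"kind": "Pod", "spec": {"containers": [{"name": "app", "image": image}]}},
        },
    }


if __name__ == "__main__":
    for img in ("registry.example.internal/shop/api:1.4.2", "docker.io/library/nginx:latest"):
        print(img, "->", review(sample_request("constructed-uid", img))["response"])
```

In a cluster this function would sit behind an HTTPS endpoint registered through a ValidatingWebhookConfiguration; it does not inspect ephemeral containers.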