A lot of developers deploy their apps on a Kubernetes cluster that is „managed by someone else“™, such as Google, Amazon, Microsoft or the ops department. This also means someone else is responsible for securing the cluster, right? Wrong! Well, at least that's not the whole truth. There are plenty of security options available when using K8s: RBAC, securityContexts, Network Policies, PodSecurityPolicies, kernel security modules, service meshes, etc.
But which ones are relevant for developers? And which are the most important ones?
In this talk, I will describe the personal K8s security best practice I have established over the last few years while developing applications on Kubernetes clusters. It covers security options that can be applied with reasonable effort in our everyday work as software developers and shows the effect each option has on our application's security.
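To make two of the options named above concrete, here is an added example (not part of the talk or its author's material) of what a developer can set in their own manifests without cluster-admin rights: a Pod with a restrictive securityContext, plus a NetworkPolicy that only admits ingress from a named frontend. The namespace, image, labels and port are placeholders.

```yaml
# Added example: developer-controlled hardening in a plain Pod manifest.
# Namespace, image, labels and port are placeholders, not from the talk.
apiVersion: v1
kind: Pod
metadata:
  name: demo-app
  namespace: demo
  labels:
    app: demo-app
spec:
  automountServiceAccountToken: false   # most apps never talk to the API server
  securityContext:                       # pod-level settings, inherited by containers
    runAsNonRoot: true                   # kubelet refuses to start a root container
    runAsUser: 10001
    runAsGroup: 10001
    fsGroup: 10001
    seccompProfile:
      type: RuntimeDefault               # container runtime's default syscall filter
  containers:
    - name: app
      image: registry.example.com/demo-app:1.0.0   # placeholder image
      ports:
        - containerPort: 8080
      securityContext:                   # container-level settings
        allowPrivilegeEscalation: false  # blocks setuid binaries gaining privileges
        readOnlyRootFilesystem: true     # writes only possible on explicit volumes
        capabilities:
          drop: ["ALL"]                  # no Linux capabilities at all
      volumeMounts:
        - name: tmp
          mountPath: /tmp                # scratch space the app is allowed to write
      resources:
        limits:
          cpu: "500m"
          memory: "256Mi"                # limits also bound a runaway/abused pod
  volumes:
    - name: tmp
      emptyDir: {}
---
# Only pods labelled app=demo-frontend in the same namespace may reach port 8080;
# every other ingress to demo-app is dropped (requires a CNI that enforces NetworkPolicy).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: demo-app-ingress
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: demo-app
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: demo-frontend
      ports:
        - protocol: TCP
          port: 8080
```

Apply both with `kubectl apply -f` and verify the effect rather than trusting the YAML: `kubectl exec demo-app -n demo -- id` should report uid 10001, and a write to `/` inside the container should fail while a write to `/tmp` succeeds. A NetworkPolicy with no matching `from` entries silently allows nothing, so test connectivity from a pod that should be blocked as well as from one that should be allowed; if the cluster's CNI does not implement NetworkPolicy, the object is accepted but has no effect.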