Rootconf 2019

On infrastructure security, DevOps and distributed systems.

About Rootconf 2019:

The seventh edition of Rootconf is a two-track conference with:

  1. Security talks and tutorials in audi 1 and 2 on 21 June.
  2. Talks on DevOps, distributed systems and SRE in audi 1 and audi 2 on 22 June.

Topics and schedule:

View full schedule here: https://hasgeek.com/rootconf/2019/schedule

Rootconf 2019 includes talks and Birds of a Feather (BOF) sessions on:

  1. OSINT and its applications
  2. Key management, encryption and its costs
  3. Running a bug bounty programme in your organization
  4. PolarDB architecture as Cloud Native Architecture, developed by Alibaba Cloud
  5. Vitess
  6. SRE and running distributed teams
  7. Routing security
  8. Log analytics
  9. Enabling SRE via automated feedback loops
  10. TOR for DevOps

Who should attend Rootconf?

  1. DevOps programmers
  2. DevOps leads
  3. Systems engineers
  4. Infrastructure security professionals and experts
  5. DevSecOps teams
  6. Cloud service providers
  7. Companies with heavy cloud usage
  8. Providers of the pieces on which an organization’s IT infrastructure runs – monitoring, log management, alerting, etc
  9. Organizations dealing with large network systems where data must be protected
  10. VPs of engineering
  11. Engineering managers looking to optimize infrastructure and teams

For information about Rootconf and bulk ticket purchases, contact info@hasgeek.com or call 7676332020. Only community sponsorships available.

Rootconf 2019 sponsors:

Platinum Sponsor

CRED

Gold Sponsors

Atlassian, Endurance, Trusting Social

Silver Sponsors

Digital Ocean, GO-JEK, Paytm

Bronze Sponsors

MySQL, Sumo Logic, UpCloud, Platform.sh, nilenso, CloudSEK

Exhibition Sponsor

FreeBSD Foundation

Community Sponsors

Ansible, PlanetScale

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from an infrastructure defence perspective).

Suraj Deshmukh

@suraj-deshmukh

Using Pod Security Policies to harden your Kubernetes cluster

Submitted Mar 17, 2019

In a multi-tenant Kubernetes cluster there is a high probability that a malicious user can break out of the pods and snoop on the traffic on the network or read secrets of other users mounted on that node.

As a cluster admin, to protect the interests of other users, you would want some measure to lock down users to their own constrained environment. Pod Security Policy can help achieve exactly that. It is your first line of defense against uncontained pods.

This presentation will highlight various benefits of locking down workloads using PSP and striking the right balance of security vs usability, thereby bringing in the security mindset while developing and deploying applications. By the end of the presentation users will be convinced to use PSP as one of their default security measures.

Outline

This talk will start with the current state of Kubernetes security, how folks are setting up their clusters, and how they are using shortcuts to get around changing their old bad practices. The talk will explain the worst that can happen if they keep using those bad practices. Especially in a multi-tenant setup, this can lead to massive breakouts.

The above topics are there to create a ground for folks to appreciate the security feature of Kubernetes Pod Security Policy.

We then come to the core of the talk, where I will explain what Pod Security Policy is and how it can help in hardening the cluster. I will explain all the supported features that PSP has and which feature stops which kind of attack vector in a multi-tenant untrusted environment.

Also, I will explain the benefits of having secure and hardened clusters from the development phase itself and how it helps you understand and catch the issues that you might encounter only while deploying to production.

Requirements

There are no requirements in terms of participants bringing anything. The assumption is that they have a basic understanding of Kubernetes.

Speaker bio

Suraj has been involved in the Kubernetes community since the days of the 1.3 release. He mainly worked on the project Kompose and areas of app definition, with the mission of making Kubernetes easier for developers to consume. He has spoken at various conferences like FOSDEM, Pycon India, DevConf India and DevOpsDays India. He is a co-organizer of the Kubernetes Bangalore meetup, which has been active and diverse in terms of people, organizations and projects for two years now. He currently works for Kinvolk, where they are building a secure-by-default Kubernetes distribution.

Links

Slides

https://www.slideshare.net/surajssd009005/hardening-kubernetes-by-securing-pods
