About Rootconf 2019:
The seventh edition of Rootconf is a two-track conference with:
- Security talks and tutorials in audi 1 and 2 on 21 June.
- Talks on DevOps, distributed systems and SRE in audi 1 and audi 2 on 22 June.
Topics and schedule:
View full schedule here: https://hasgeek.com/rootconf/2019/schedule
Rootconf 2019 includes talks and Birds of Feather (BOF) sessions on:
- OSINT and its applications
- Key management, encryption and its costs
- Running a bug bounty programme in your organization
- PolarDB architecture as Cloud Native Architecture, developed by Alibaba Cloud
- SRE and running distributed teams
- Routing security
- Log analytics
- Enabling SRE via automated feedback loops
- TOR for DevOps
Who should attend Rootconf?
- DevOps programmers
- DevOps leads
- Systems engineers
- Infrastructure security professionals and experts
- DevSecOps teams
- Cloud service providers
- Companies with heavy cloud usage
- Providers of the pieces on which an organization’s IT infrastructure runs – monitoring, log management, alerting, etc
- Organizations dealing with large network systems where data must be protected
- VPs of engineering
- Engineering managers looking to optimize infrastructure and teams
For information about Rootconf and bulk ticket purchases, contact firstname.lastname@example.org or call 7676332020. Only community sponsorships available.
Rootconf 2019 sponsors:
Using Pod Security Policies to harden your Kubernetes cluster
In a multi-tenant Kubernetes cluster there is a high probability that a malicious user can break out of the pods and snoop over the traffic on the network or read secrets of other users mounted on that node.
As a cluster admin, to protect interests of other users, you would want some measure to lock down users to their own constrained environment. Pod Security Policy can help achieve exactly that. It is your first line of defense against uncontained pods.
This presentation will highlight various benefits of locking down the workloads using PSP & striking the right balance of security vs usability. Hence bringing in the security mindset while developing & deploying applications. By the end of the presentation users will be convinced to use PSP as their one of the default security measures.
This talk will start with current state of Kubernetes security and how folks are setting up their clusters. How folks are using shortcuts to get around changing their old bad practices. The talk will explain folks what’s worst that can happen if they keep using those bad practices. Specially in the multi-tenant setup this can lead to massive breakouts.
The above topics are there to create a ground for folks to appreciate the security feature of Kubernetes Pod Security Policy.
We then come to core of the talk this is where I will explain what Pod Security Policy is and how it can help in hardening the cluster. I will explain all the supported features that PSP has and what feature stops what kind of attack vector in a multi-tenant untrusted environment.
Also I will explain the benefits of having secure & hardened clusters from the development phase itself and how it helps you understand and catch the issues that you might encounter only while deploying on production.
There is no requirements in terms of bringing anything from the participants. They should just have basic understanding of Kubernetes is the assumption.
Suraj is involved in the Kubernetes community from the days of 1.3 release. He mainly worked on the project Kompose and areas of app definition with mission of making Kubernetes easier for developers to consume. He has spoken at various conferences like FOSDEM, Pycon India, DevConf India and DevOpsDays India. He is co-organizer of Kubernetes Bangalore meetup which is active and diverse in terms of people, organizations and projects for two years now. He currently works for Kinvolk where they are building secure by default Kubernetes distribution.
- Blog: https://suraj.io/
- Twitter: https://twitter.com/surajd_
- GH: https://github.com/surajssd
- StackOverflow: https://stackoverflow.com/users/3848679/surajd
- LinkedIN: https://www.linkedin.com/in/suraj-deshmukh-0205b834/
- Slideshare: https://www.slideshare.net/surajssd009005