SlideShare uma empresa Scribd logo

Kasten securing access to your kubernetes applications

L
LibbySchulze

Kasten securing access to your kubernetes applications

Internet
1 de 25
Baixar para ler offline
Securing Access to Your Kubernetes Applications Using Dex for Authentication & Role Based Access Control (RBAC) for Authorization
Deepika Dixit Software Engineer Introductions Onkar Bhat Engineering Manager
Securing Access to Your K8 Application ● You are the administrator of an IT department who wants to deploy an application in a Kubernetes cluster. ● You want to avoid adopting a new authentication workflow. ● Users in your organization are accustomed to using their existing Active Directory credentials for accessing apps. ● Can you authenticate users against it when they access applications in Kubernetes? Dex can help you! ● You’ve solved the authentication piece of the puzzle. ● Do you have different types of users? ○ Cluster administrators ○ App administrators ○ Read only users ● How do you grant varying levels of access to these users Kubernetes has your RBAC!
What is Dex ? ● Dex is an identity service that uses OpenID Connect to drive authentication for other apps. ● Dex acts as a portal to other identity providers through “connectors.”
What is a connector? Implements the logic for authenticating against an upstream IDP ● LDAP ● Openshift OAuth ● GitHub ● Google
Install Dex Using Helm ● helm repo add dex https://charts.dexidp.io ● helm install dex dex/dex -f dex-values.yaml NAME: dex LAST DEPLOYED: Wed Mar 17 21:06:49 2021 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=dex,app.kubernetes.io/instance=dex" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
Dex Configuration
Dex
Client Registration
LDAP Connector
Port Forwarding kubectl --namespace dex port-forward $POD_NAME 8080:$CONTAINER_PORT Forwarding from 127.0.0.1:8080 -> 5556 Forwarding from [::1]:8080 -> 5556
Install and Run the Example Application ● git clone https://github.com/dexidp/dex.git ● cd dex/examples/example-app ● go build ● ./example-app --issuer http://127.0.0.1:8080 2021/03/16 20:52:02 listening on http://127.0.0.1:5555
demo
Demo Claims: { "iss": "http://127.0.0.1:8080", "sub": "CgVvbmthchIEbGRhcA", "aud": "example-app", "exp": 1616037593, "iat": 1615951193, "at_hash": "S9b817ZpFhdA6Ezw-nEEdA", "email": "onkar", "email_verified": true, "groups": [ "K10admins" ], "name": "onkar", "preferred_username": "onkar" }
What is Kubernetes RBAC? 1. Kubernetes defines RBAC as “Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization.” 2. RBAC is a flexible and powerful method, where you define rules once and use them multiple times. 3. Allows access control over resources not just within a cluster but within the application as well. 4. Defines clearly “who” has access to “what”. 5. Allows for dynamically calculating access as applications change and grow.
Why do you need RBAC? ✓ Multi-tenancy is an important concern, especially as clusters and applications mature after the initial hurdles of infrastructure and setup. ✓ How to restrict users access to just their applications and components within their applications is a crucial administrative decision. ✓ Users can have their own setup and be unaware of other users in the same cluster/system. ✓ Allows separation and security between users and applications.
Roles and ClusterRoles apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: example-role Rules: # multiple rules can be added - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "watch", "list"] apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: # "namespace" omitted since ClusterRoles are not namespaced name: example-clusterole rules: - apiGroups: [""] resources: ["secrets"] verbs: ["create", "get" , "watch", "list"]
Rules and Resources apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: example-role rules: - apiGroups: ["mygroup.example.com" ] resources: ["pods"] resourceNames: ["mypod"] verbs: ["get", "watch", "list"] apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: example-role-all rules: - apiGroups: ["*"] resources: ["*"] verbs: ["*"]
Subjects Users subjects: - kind: User name: "alice@example.com" Groups subjects: - kind: Group name: "frontend-admins" Service Account subjects: - kind: ServiceAccount name: default namespace: kube-system
RoleBindings apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: read-pods namespace: default subjects: # You can specify more than one "subject" - kind: User name: jane # "name" is case sensitive apiGroup: rbac.authorization.k8s.io roleRef: # "roleRef" specifies the binding to a Role / ClusterRole kind: Role #this must be Role or ClusterRole name: pod-reader # this must match the name of the Role or ClusterRole you wish to bind to apiGroup: rbac.authorization.k8s.io
ClusterRoleBindings apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: read-secrets-global subjects: - kind: Group name: manager # Name is case sensitive apiGroup: rbac.authorization.k8s.io - kind: ServiceAccount name: test-sa namespace: default apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: secret-reader apiGroup: rbac.authorization.k8s.io
How, What, When? Role v/s ClusterRole? ● Use Roles when rules are limited to a certain namespace ● Use ClusterRoles when rules are to be be defined across multiple namespaces and span Resources/APIGroups not limited to a certain namespaces or if runtime namespace is not known in advance RoleBinding v/s ClusterRoleBinding? ● Use RoleBindings to limit subjects to a particular namespace ● Use ClusterRoleBindings to give cluster-wide access to subjects Users v/s Groups? ● Use Users when specific user is known ● Use Groups to give all users belonging to the same group the same access level
How can I check what access a user has? Kubectl auth can-i ✓ Kubectl tool to check user access ✓ Checks roles and bindings across the cluster to verify access ✓ Allows impersonation as user or group to verify access control across the list of subjects
demo
References RBAC https://kubernetes.io/docs/reference/access-authn-authz/rbac/ Dex https://dexidp.io/ https://github.com/dexidp/helm-charts #dexidp at kubernetes.slack.com https://aws.amazon.com/blogs/security/how-to-configure-ldaps-endpoint-for-simple-ad/

Recomendados

Why your APIs should fly first class
Why your APIs should fly first classWhy your APIs should fly first class
Why your APIs should fly first classLibbySchulze
 
OpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerOpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerSmartBear
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...SmartBear
 
Tools and techniques for APIs
Tools and techniques for APIsTools and techniques for APIs
Tools and techniques for APIsJason Harmon
 
Advanced Automation in Your API Lifecycle
Advanced Automation in Your API Lifecycle Advanced Automation in Your API Lifecycle
Advanced Automation in Your API Lifecycle SmartBear
 
Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Nordic APIs
 
WSO2 Product Release Webinar - WSO2 App Factory 2.1
WSO2 Product Release Webinar - WSO2 App Factory 2.1WSO2 Product Release Webinar - WSO2 App Factory 2.1
WSO2 Product Release Webinar - WSO2 App Factory 2.1WSO2
 
TDD for Microservices
TDD for MicroservicesTDD for Microservices
TDD for MicroservicesVMware Tanzu
 

Recomendados

Why your APIs should fly first class
Why your APIs should fly first classWhy your APIs should fly first class
Why your APIs should fly first classLibbySchulze
 
OpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerOpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerSmartBear
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...SmartBear
 
Tools and techniques for APIs
Tools and techniques for APIsTools and techniques for APIs
Tools and techniques for APIsJason Harmon
 
Advanced Automation in Your API Lifecycle
Advanced Automation in Your API Lifecycle Advanced Automation in Your API Lifecycle
Advanced Automation in Your API Lifecycle SmartBear
 
Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Nordic APIs
 
WSO2 Product Release Webinar - WSO2 App Factory 2.1
WSO2 Product Release Webinar - WSO2 App Factory 2.1WSO2 Product Release Webinar - WSO2 App Factory 2.1
WSO2 Product Release Webinar - WSO2 App Factory 2.1WSO2
 
TDD for Microservices
TDD for MicroservicesTDD for Microservices
TDD for MicroservicesVMware Tanzu
 
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...apidays
 
Effective API Lifecycle Management
Effective API Lifecycle Management Effective API Lifecycle Management
Effective API Lifecycle Management SmartBear
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...Michael Kuehne-Schlinkert
 
Understanding and Executing on API Developer Experience
Understanding and Executing on API Developer ExperienceUnderstanding and Executing on API Developer Experience
Understanding and Executing on API Developer ExperienceSmartBear
 
Versioning strategy for a complex internal API (Konstantin Yakushev)
Versioning strategy for a complex internal API (Konstantin Yakushev)Versioning strategy for a complex internal API (Konstantin Yakushev)
Versioning strategy for a complex internal API (Konstantin Yakushev)Nordic APIs
 
Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)Nordic APIs
 
Build pipelines with TeamCity and Kotlin DSL
Build pipelines with TeamCity and Kotlin DSLBuild pipelines with TeamCity and Kotlin DSL
Build pipelines with TeamCity and Kotlin DSLAnton Arhipov
 
Advanced Mocking for Swagger APIs
Advanced Mocking for Swagger APIsAdvanced Mocking for Swagger APIs
Advanced Mocking for Swagger APIsSmartBear
 
A Hitchhiker's Guide to Cloud-Native API Gateways
A Hitchhiker's Guide to Cloud-Native API GatewaysA Hitchhiker's Guide to Cloud-Native API Gateways
A Hitchhiker's Guide to Cloud-Native API GatewaysQAware GmbH
 
Deep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupDeep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupNeerajKumar1965
 
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays
 
API Creation to Iteration without the Frustration
API Creation to Iteration without the FrustrationAPI Creation to Iteration without the Frustration
API Creation to Iteration without the FrustrationNordic APIs
 
The Swagger Format becomes the Open API Specification: Standardizing descript...
The Swagger Format becomes the Open API Specification: Standardizing descript...The Swagger Format becomes the Open API Specification: Standardizing descript...
The Swagger Format becomes the Open API Specification: Standardizing descript...3scale
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)WSO2
 
BENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICS
BENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICSBENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICS
BENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICSbrtechnosoft2018
 
Running the-next-generation-of-cloud-native-applications-using-open-applicati...
Running the-next-generation-of-cloud-native-applications-using-open-applicati...Running the-next-generation-of-cloud-native-applications-using-open-applicati...
Running the-next-generation-of-cloud-native-applications-using-open-applicati...NaveedAhmad239
 
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays
 
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...SmartBear
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecAdam Paxton
 
API Design Collaboration
API Design CollaborationAPI Design Collaboration
API Design CollaborationUchit Vyas ☁
 
Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbs
Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbs Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbs
Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbsAWS Chicago
 
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
Build an AI/ML-driven image archive processing workflow: Image archive, analy...Build an AI/ML-driven image archive processing workflow: Image archive, analy...
Build an AI/ML-driven image archive processing workflow: Image archive, analy...wesley chun
 

Mais conteúdo relacionado

Mais procurados

apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...apidays
 
Effective API Lifecycle Management
Effective API Lifecycle Management Effective API Lifecycle Management
Effective API Lifecycle Management SmartBear
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...Michael Kuehne-Schlinkert
 
Understanding and Executing on API Developer Experience
Understanding and Executing on API Developer ExperienceUnderstanding and Executing on API Developer Experience
Understanding and Executing on API Developer ExperienceSmartBear
 
Versioning strategy for a complex internal API (Konstantin Yakushev)
Versioning strategy for a complex internal API (Konstantin Yakushev)Versioning strategy for a complex internal API (Konstantin Yakushev)
Versioning strategy for a complex internal API (Konstantin Yakushev)Nordic APIs
 
Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)Nordic APIs
 
Build pipelines with TeamCity and Kotlin DSL
Build pipelines with TeamCity and Kotlin DSLBuild pipelines with TeamCity and Kotlin DSL
Build pipelines with TeamCity and Kotlin DSLAnton Arhipov
 
Advanced Mocking for Swagger APIs
Advanced Mocking for Swagger APIsAdvanced Mocking for Swagger APIs
Advanced Mocking for Swagger APIsSmartBear
 
A Hitchhiker's Guide to Cloud-Native API Gateways
A Hitchhiker's Guide to Cloud-Native API GatewaysA Hitchhiker's Guide to Cloud-Native API Gateways
A Hitchhiker's Guide to Cloud-Native API GatewaysQAware GmbH
 
Deep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupDeep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupNeerajKumar1965
 
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays
 
API Creation to Iteration without the Frustration
API Creation to Iteration without the FrustrationAPI Creation to Iteration without the Frustration
API Creation to Iteration without the FrustrationNordic APIs
 
The Swagger Format becomes the Open API Specification: Standardizing descript...
The Swagger Format becomes the Open API Specification: Standardizing descript...The Swagger Format becomes the Open API Specification: Standardizing descript...
The Swagger Format becomes the Open API Specification: Standardizing descript...3scale
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)WSO2
 
BENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICS
BENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICSBENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICS
BENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICSbrtechnosoft2018
 
Running the-next-generation-of-cloud-native-applications-using-open-applicati...
Running the-next-generation-of-cloud-native-applications-using-open-applicati...Running the-next-generation-of-cloud-native-applications-using-open-applicati...
Running the-next-generation-of-cloud-native-applications-using-open-applicati...NaveedAhmad239
 
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays
 
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...SmartBear
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecAdam Paxton
 
API Design Collaboration
API Design CollaborationAPI Design Collaboration
API Design CollaborationUchit Vyas ☁
 

Mais procurados (20)

apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
 
Effective API Lifecycle Management
Effective API Lifecycle Management Effective API Lifecycle Management
Effective API Lifecycle Management
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
 
Understanding and Executing on API Developer Experience
Understanding and Executing on API Developer ExperienceUnderstanding and Executing on API Developer Experience
Understanding and Executing on API Developer Experience
 
Versioning strategy for a complex internal API (Konstantin Yakushev)
Versioning strategy for a complex internal API (Konstantin Yakushev)Versioning strategy for a complex internal API (Konstantin Yakushev)
Versioning strategy for a complex internal API (Konstantin Yakushev)
 
Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)
 
Build pipelines with TeamCity and Kotlin DSL
Build pipelines with TeamCity and Kotlin DSLBuild pipelines with TeamCity and Kotlin DSL
Build pipelines with TeamCity and Kotlin DSL
 
Advanced Mocking for Swagger APIs
Advanced Mocking for Swagger APIsAdvanced Mocking for Swagger APIs
Advanced Mocking for Swagger APIs
 
A Hitchhiker's Guide to Cloud-Native API Gateways
A Hitchhiker's Guide to Cloud-Native API GatewaysA Hitchhiker's Guide to Cloud-Native API Gateways
A Hitchhiker's Guide to Cloud-Native API Gateways
 
Deep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupDeep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up Group
 
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
 
API Creation to Iteration without the Frustration
API Creation to Iteration without the FrustrationAPI Creation to Iteration without the Frustration
API Creation to Iteration without the Frustration
 
The Swagger Format becomes the Open API Specification: Standardizing descript...
The Swagger Format becomes the Open API Specification: Standardizing descript...The Swagger Format becomes the Open API Specification: Standardizing descript...
The Swagger Format becomes the Open API Specification: Standardizing descript...
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
 
BENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICS
BENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICSBENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICS
BENEFIT OF FLUTTER APP DEVELOPMENT - INFOGRAPHICS
 
Running the-next-generation-of-cloud-native-applications-using-open-applicati...
Running the-next-generation-of-cloud-native-applications-using-open-applicati...Running the-next-generation-of-cloud-native-applications-using-open-applicati...
Running the-next-generation-of-cloud-native-applications-using-open-applicati...
 
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...
 
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI Spec
 
API Design Collaboration
API Design CollaborationAPI Design Collaboration
API Design Collaboration
 

Semelhante a Kasten securing access to your kubernetes applications

Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbs
Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbs Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbs
Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbsAWS Chicago
 
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
Build an AI/ML-driven image archive processing workflow: Image archive, analy...Build an AI/ML-driven image archive processing workflow: Image archive, analy...
Build an AI/ML-driven image archive processing workflow: Image archive, analy...wesley chun
 
Open shift enterprise 3.1 paas on kubernetes
Open shift enterprise 3.1 paas on kubernetesOpen shift enterprise 3.1 paas on kubernetes
Open shift enterprise 3.1 paas on kubernetesSamuel Terburg
 
2.28.17 Introducing DSpace 7 Webinar Slides
2.28.17 Introducing DSpace 7 Webinar Slides2.28.17 Introducing DSpace 7 Webinar Slides
2.28.17 Introducing DSpace 7 Webinar SlidesDuraSpace
 
Integrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code SuiteIntegrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code SuiteAtlassian
 
Operator SDK for K8s using Go
Operator SDK for K8s using GoOperator SDK for K8s using Go
Operator SDK for K8s using GoCloudOps2005
 
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...KubeAcademy
 
apidays LIVE Paris - Exploring an API with Blocks by Larry Kluger
apidays LIVE Paris - Exploring an API with Blocks by Larry Klugerapidays LIVE Paris - Exploring an API with Blocks by Larry Kluger
apidays LIVE Paris - Exploring an API with Blocks by Larry Klugerapidays
 
Node Interactive: Node.js Performance and Highly Scalable Micro-Services
Node Interactive: Node.js Performance and Highly Scalable Micro-ServicesNode Interactive: Node.js Performance and Highly Scalable Micro-Services
Node Interactive: Node.js Performance and Highly Scalable Micro-ServicesChris Bailey
 
Service Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesService Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesSreenivas Makam
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeBen Hall
 
How to Contribute to Apache Usergrid
How to Contribute to Apache UsergridHow to Contribute to Apache Usergrid
How to Contribute to Apache UsergridDavid M. Johnson
 
Zero to Sixty: AWS CloudFormation (DMG201) | AWS re:Invent 2013
Zero to Sixty: AWS CloudFormation (DMG201) | AWS re:Invent 2013Zero to Sixty: AWS CloudFormation (DMG201) | AWS re:Invent 2013
Zero to Sixty: AWS CloudFormation (DMG201) | AWS re:Invent 2013Amazon Web Services
 
Building a Dev/Test Cloud with Apache CloudStack
Building a Dev/Test Cloud with Apache CloudStackBuilding a Dev/Test Cloud with Apache CloudStack
Building a Dev/Test Cloud with Apache CloudStackke4qqq
 
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agentsPVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agentsAndrey Karpov
 
Exploring Google APIs 102: Cloud vs. non-GCP Google APIs
Exploring Google APIs 102: Cloud vs. non-GCP Google APIsExploring Google APIs 102: Cloud vs. non-GCP Google APIs
Exploring Google APIs 102: Cloud vs. non-GCP Google APIswesley chun
 
IBM Cloud University: Build, Deploy and Scale Node.js Microservices
IBM Cloud University: Build, Deploy and Scale Node.js MicroservicesIBM Cloud University: Build, Deploy and Scale Node.js Microservices
IBM Cloud University: Build, Deploy and Scale Node.js MicroservicesChris Bailey
 
Working with PowerVC via its REST APIs
Working with PowerVC via its REST APIsWorking with PowerVC via its REST APIs
Working with PowerVC via its REST APIsJoe Cropper
 

Semelhante a Kasten securing access to your kubernetes applications (20)

Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbs
Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbs Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbs
Serverless Framework Workshop - Tyler Hendrickson, Chicago/burbs
 
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
Build an AI/ML-driven image archive processing workflow: Image archive, analy...Build an AI/ML-driven image archive processing workflow: Image archive, analy...
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
 
Open shift enterprise 3.1 paas on kubernetes
Open shift enterprise 3.1 paas on kubernetesOpen shift enterprise 3.1 paas on kubernetes
Open shift enterprise 3.1 paas on kubernetes
 
2.28.17 Introducing DSpace 7 Webinar Slides
2.28.17 Introducing DSpace 7 Webinar Slides2.28.17 Introducing DSpace 7 Webinar Slides
2.28.17 Introducing DSpace 7 Webinar Slides
 
Integrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code SuiteIntegrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code Suite
 
Operator SDK for K8s using Go
Operator SDK for K8s using GoOperator SDK for K8s using Go
Operator SDK for K8s using Go
 
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...
 
apidays LIVE Paris - Exploring an API with Blocks by Larry Kluger
apidays LIVE Paris - Exploring an API with Blocks by Larry Klugerapidays LIVE Paris - Exploring an API with Blocks by Larry Kluger
apidays LIVE Paris - Exploring an API with Blocks by Larry Kluger
 
Hands on the gradle
Hands on the gradleHands on the gradle
Hands on the gradle
 
Node Interactive: Node.js Performance and Highly Scalable Micro-Services
Node Interactive: Node.js Performance and Highly Scalable Micro-ServicesNode Interactive: Node.js Performance and Highly Scalable Micro-Services
Node Interactive: Node.js Performance and Highly Scalable Micro-Services
 
Service Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesService Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and Kubernetes
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud Native
 
How to Contribute to Apache Usergrid
How to Contribute to Apache UsergridHow to Contribute to Apache Usergrid
How to Contribute to Apache Usergrid
 
Introduction to Hydra
Introduction to HydraIntroduction to Hydra
Introduction to Hydra
 
Zero to Sixty: AWS CloudFormation (DMG201) | AWS re:Invent 2013
Zero to Sixty: AWS CloudFormation (DMG201) | AWS re:Invent 2013Zero to Sixty: AWS CloudFormation (DMG201) | AWS re:Invent 2013
Zero to Sixty: AWS CloudFormation (DMG201) | AWS re:Invent 2013
 
Building a Dev/Test Cloud with Apache CloudStack
Building a Dev/Test Cloud with Apache CloudStackBuilding a Dev/Test Cloud with Apache CloudStack
Building a Dev/Test Cloud with Apache CloudStack
 
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agentsPVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
 
Exploring Google APIs 102: Cloud vs. non-GCP Google APIs
Exploring Google APIs 102: Cloud vs. non-GCP Google APIsExploring Google APIs 102: Cloud vs. non-GCP Google APIs
Exploring Google APIs 102: Cloud vs. non-GCP Google APIs
 
IBM Cloud University: Build, Deploy and Scale Node.js Microservices
IBM Cloud University: Build, Deploy and Scale Node.js MicroservicesIBM Cloud University: Build, Deploy and Scale Node.js Microservices
IBM Cloud University: Build, Deploy and Scale Node.js Microservices
 
Working with PowerVC via its REST APIs
Working with PowerVC via its REST APIsWorking with PowerVC via its REST APIs
Working with PowerVC via its REST APIs
 

Mais de LibbySchulze

Running distributed tests with k6.pdf
Running distributed tests with k6.pdfRunning distributed tests with k6.pdf
Running distributed tests with k6.pdfLibbySchulze
 
Extending Kubectl.pptx
Extending Kubectl.pptxExtending Kubectl.pptx
Extending Kubectl.pptxLibbySchulze
 
Enhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo WorkflowsEnhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo WorkflowsLibbySchulze
 
Fallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdfFallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdfLibbySchulze
 
Intro to Fluvio.pptx.pdf
Intro to Fluvio.pptx.pdfIntro to Fluvio.pptx.pdf
Intro to Fluvio.pptx.pdfLibbySchulze
 
Enhance your Kafka Infrastructure with Fluvio.pptx
Enhance your Kafka Infrastructure with Fluvio.pptxEnhance your Kafka Infrastructure with Fluvio.pptx
Enhance your Kafka Infrastructure with Fluvio.pptxLibbySchulze
 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfCNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfLibbySchulze
 
Oh The Places You'll Sign.pdf
Oh The Places You'll Sign.pdfOh The Places You'll Sign.pdf
Oh The Places You'll Sign.pdfLibbySchulze
 
Rancher MasterClass - Avoiding-configuration-drift.pptx
Rancher MasterClass - Avoiding-configuration-drift.pptxRancher MasterClass - Avoiding-configuration-drift.pptx
Rancher MasterClass - Avoiding-configuration-drift.pptxLibbySchulze
 
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptxvFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptxLibbySchulze
 
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
CNCF Live Webinar: Low Footprint Java Containers with GraalVMCNCF Live Webinar: Low Footprint Java Containers with GraalVM
CNCF Live Webinar: Low Footprint Java Containers with GraalVMLibbySchulze
 
EnRoute-OPA-Integration.pdf
EnRoute-OPA-Integration.pdfEnRoute-OPA-Integration.pdf
EnRoute-OPA-Integration.pdfLibbySchulze
 
AirGap_zusammen_neu.pdf
AirGap_zusammen_neu.pdfAirGap_zusammen_neu.pdf
AirGap_zusammen_neu.pdfLibbySchulze
 
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...LibbySchulze
 
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...LibbySchulze
 
CNCF_ A step to step guide to platforming your delivery setup.pdf
CNCF_ A step to step guide to platforming your delivery setup.pdfCNCF_ A step to step guide to platforming your delivery setup.pdf
CNCF_ A step to step guide to platforming your delivery setup.pdfLibbySchulze
 
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdfCNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdfLibbySchulze
 
Securing Windows workloads.pdf
Securing Windows workloads.pdfSecuring Windows workloads.pdf
Securing Windows workloads.pdfLibbySchulze
 
Securing Windows workloads.pdf
Securing Windows workloads.pdfSecuring Windows workloads.pdf
Securing Windows workloads.pdfLibbySchulze
 
Advancements in Kubernetes Workload Identity for Azure
Advancements in Kubernetes Workload Identity for AzureAdvancements in Kubernetes Workload Identity for Azure
Advancements in Kubernetes Workload Identity for AzureLibbySchulze
 

Mais de LibbySchulze (20)

Running distributed tests with k6.pdf
Running distributed tests with k6.pdfRunning distributed tests with k6.pdf
Running distributed tests with k6.pdf
 
Extending Kubectl.pptx
Extending Kubectl.pptxExtending Kubectl.pptx
Extending Kubectl.pptx
 
Enhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo WorkflowsEnhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo Workflows
 
Fallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdfFallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdf
 
Intro to Fluvio.pptx.pdf
Intro to Fluvio.pptx.pdfIntro to Fluvio.pptx.pdf
Intro to Fluvio.pptx.pdf
 
Enhance your Kafka Infrastructure with Fluvio.pptx
Enhance your Kafka Infrastructure with Fluvio.pptxEnhance your Kafka Infrastructure with Fluvio.pptx
Enhance your Kafka Infrastructure with Fluvio.pptx
 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfCNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
 
Oh The Places You'll Sign.pdf
Oh The Places You'll Sign.pdfOh The Places You'll Sign.pdf
Oh The Places You'll Sign.pdf
 
Rancher MasterClass - Avoiding-configuration-drift.pptx
Rancher MasterClass - Avoiding-configuration-drift.pptxRancher MasterClass - Avoiding-configuration-drift.pptx
Rancher MasterClass - Avoiding-configuration-drift.pptx
 
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptxvFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
 
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
CNCF Live Webinar: Low Footprint Java Containers with GraalVMCNCF Live Webinar: Low Footprint Java Containers with GraalVM
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
 
EnRoute-OPA-Integration.pdf
EnRoute-OPA-Integration.pdfEnRoute-OPA-Integration.pdf
EnRoute-OPA-Integration.pdf
 
AirGap_zusammen_neu.pdf
AirGap_zusammen_neu.pdfAirGap_zusammen_neu.pdf
AirGap_zusammen_neu.pdf
 
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
 
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
 
CNCF_ A step to step guide to platforming your delivery setup.pdf
CNCF_ A step to step guide to platforming your delivery setup.pdfCNCF_ A step to step guide to platforming your delivery setup.pdf
CNCF_ A step to step guide to platforming your delivery setup.pdf
 
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdfCNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
 
Securing Windows workloads.pdf
Securing Windows workloads.pdfSecuring Windows workloads.pdf
Securing Windows workloads.pdf
 
Securing Windows workloads.pdf
Securing Windows workloads.pdfSecuring Windows workloads.pdf
Securing Windows workloads.pdf
 
Advancements in Kubernetes Workload Identity for Azure
Advancements in Kubernetes Workload Identity for AzureAdvancements in Kubernetes Workload Identity for Azure
Advancements in Kubernetes Workload Identity for Azure
 

Último

( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...nilamkumrai
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...SUHANI PANDEY
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceEscorts Call Girls
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiEscorts Call Girls
 

Último (20)

( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 

Kasten securing access to your kubernetes applications

  • 1. Securing Access to Your Kubernetes Applications Using Dex for Authentication & Role Based Access Control (RBAC) for Authorization
  • 3. Securing Access to Your K8 Application ● You are the administrator of an IT department who wants to deploy an application in a Kubernetes cluster. ● You want to avoid adopting a new authentication workflow. ● Users in your organization are accustomed to using their existing Active Directory credentials for accessing apps. ● Can you authenticate users against it when they access applications in Kubernetes? Dex can help you! ● You’ve solved the authentication piece of the puzzle. ● Do you have different types of users? ○ Cluster administrators ○ App administrators ○ Read only users ● How do you grant varying levels of access to these users Kubernetes has your RBAC!
  • 4. What is Dex ? ● Dex is an identity service that uses OpenID Connect to drive authentication for other apps. ● Dex acts as a portal to other identity providers through “connectors.”
  • 5. What is a connector? Implements the logic for authenticating against an upstream IDP ● LDAP ● Openshift OAuth ● GitHub ● Google
  • 6. Install Dex Using Helm ● helm repo add dex https://charts.dexidp.io ● helm install dex dex/dex -f dex-values.yaml NAME: dex LAST DEPLOYED: Wed Mar 17 21:06:49 2021 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=dex,app.kubernetes.io/instance=dex" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
  • 8. Dex
  • 11. Port Forwarding kubectl --namespace dex port-forward $POD_NAME 8080:$CONTAINER_PORT Forwarding from 127.0.0.1:8080 -> 5556 Forwarding from [::1]:8080 -> 5556
  • 12. Install and Run the Example Application ● git clone https://github.com/dexidp/dex.git ● cd dex/examples/example-app ● go build ● ./example-app --issuer http://127.0.0.1:8080 2021/03/16 20:52:02 listening on http://127.0.0.1:5555
  • 13. demo
  • 14. Demo Claims: { "iss": "http://127.0.0.1:8080", "sub": "CgVvbmthchIEbGRhcA", "aud": "example-app", "exp": 1616037593, "iat": 1615951193, "at_hash": "S9b817ZpFhdA6Ezw-nEEdA", "email": "onkar", "email_verified": true, "groups": [ "K10admins" ], "name": "onkar", "preferred_username": "onkar" }
  • 15. What is Kubernetes RBAC? 1. Kubernetes defines RBAC as “Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization.” 2. RBAC is a flexible and powerful method, where you define rules once and use them multiple times. 3. Allows access control over resources not just within a cluster but within the application as well. 4. Defines clearly “who” has access to “what”. 5. Allows for dynamically calculating access as applications change and grow.
  • 16. Why do you need RBAC? ✓ Multi-tenancy is an important concern, especially as clusters and applications mature after the initial hurdles of infrastructure and setup. ✓ How to restrict users access to just their applications and components within their applications is a crucial administrative decision. ✓ Users can have their own setup and be unaware of other users in the same cluster/system. ✓ Allows separation and security between users and applications.
  • 17. Roles and ClusterRoles apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: example-role Rules: # multiple rules can be added - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "watch", "list"] apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: # "namespace" omitted since ClusterRoles are not namespaced name: example-clusterole rules: - apiGroups: [""] resources: ["secrets"] verbs: ["create", "get" , "watch", "list"]
  • 18. Rules and Resources apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: example-role rules: - apiGroups: ["mygroup.example.com" ] resources: ["pods"] resourceNames: ["mypod"] verbs: ["get", "watch", "list"] apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: example-role-all rules: - apiGroups: ["*"] resources: ["*"] verbs: ["*"]
  • 19. Subjects Users subjects: - kind: User name: "alice@example.com" Groups subjects: - kind: Group name: "frontend-admins" Service Account subjects: - kind: ServiceAccount name: default namespace: kube-system
  • 20. RoleBindings apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: read-pods namespace: default subjects: # You can specify more than one "subject" - kind: User name: jane # "name" is case sensitive apiGroup: rbac.authorization.k8s.io roleRef: # "roleRef" specifies the binding to a Role / ClusterRole kind: Role #this must be Role or ClusterRole name: pod-reader # this must match the name of the Role or ClusterRole you wish to bind to apiGroup: rbac.authorization.k8s.io
  • 21. ClusterRoleBindings apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: read-secrets-global subjects: - kind: Group name: manager # Name is case sensitive apiGroup: rbac.authorization.k8s.io - kind: ServiceAccount name: test-sa namespace: default apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: secret-reader apiGroup: rbac.authorization.k8s.io
  • 22. How, What, When? Role v/s ClusterRole? ● Use Roles when rules are limited to a certain namespace ● Use ClusterRoles when rules are to be be defined across multiple namespaces and span Resources/APIGroups not limited to a certain namespaces or if runtime namespace is not known in advance RoleBinding v/s ClusterRoleBinding? ● Use RoleBindings to limit subjects to a particular namespace ● Use ClusterRoleBindings to give cluster-wide access to subjects Users v/s Groups? ● Use Users when specific user is known ● Use Groups to give all users belonging to the same group the same access level
  • 23. How can I check what access a user has? Kubectl auth can-i ✓ Kubectl tool to check user access ✓ Checks roles and bindings across the cluster to verify access ✓ Allows impersonation as user or group to verify access control across the list of subjects
  • 24. demo