SlideShare uma empresa Scribd logo

Kubernetes Security Workshop

Mirantis
Mirantis

This document summarizes a workshop on Kubernetes security presented by Avinash Desireddy and Anoop Kumar. The workshop covered Role-Based Access Control (RBAC) to grant users access to Kubernetes resources, using Open Policy Agent (OPA) and Gatekeeper to enforce cluster-wide policies, and network policies to control traffic between pods. It provided demonstrations of creating RBAC roles, restricting node port usage and enforcing resource limits with OPA policies, and allowing traffic between applications with network policies. The key takeaways were to enforce policies, build an RBAC strategy, start with a zero-trust approach, and use network policies.

Tecnologia
1 de 31
Baixar para ler offline
Copyright © 2021 Mirantis, Inc. All rights reserved PRO TALK: Kubernetes Security Workshop Avinash Desireddy Sr. Solutions Architect
2 Sr. Solutions Architect @ Mirantis /avinashdesireddy /avinashdesiredd /avinashdesireddy AVINASH DESIREDDY SPEAKER Director, Professional Services @ Mirantis /anokun7 /anooplive /anoopkumarv ANOOP KUMAR MODERATOR
3 Kubernetes: Adoption, Security & Market Trends Source: The State of Containers and Kubernetes Security Report - Survey by StackRox(RedHat) in 2021 In the past 12 months, what security incidents or issues related to containers and/or Kubernetes have you experienced? Have you ever delayed or slowed down application deployment into production due to container or Kubernetes security concerns? What is your biggest concern about your company’s container strategy?
4 Code Code Best Practices Vulnerability scanners Container Restrict Images, Privileged The 4 C’s of Cloud-Native Security Cluster Authentication, Authorization, Admission, Network Policy Cloud Datacenter, Network, Servers 2 4 3 1
5 https://github.com/avinashdesireddy/k8s-security-workshop.git API ETCD Overview: Onboard Apps Securely Blue Red Green Worker Node Master Node SCHED C-M Worker Node Worker Node ● Isolate App teams Access rights? ● Protect clusters from restricted workloads? ● Protect communication layer in the cluster? Apps & App Teams Platform Engineer
6 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #1 - Grant access to Users Blue Red Green Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Role-Based Access Control A way of granting users access to Kubernetes API resources ❏ What API Resources a user should access? ❏ What Operations(Verbs) can be performed? ❏ Who can grant access? Apps & App Teams Platform Engineer
7 https://github.com/avinashdesireddy/k8s-security-workshop.git ClusterRoleBinding RoleBinding Role Based Access Control - List - Get - Watch - Create - Update - Patch - Delete Verbs / Actions Subjects Resources Role ClusterRole belongs to binds binds connects
8 https://github.com/avinashdesireddy/k8s-security-workshop.git ClusterRoleBinding RoleBinding Role Based Access Control - List - Get - Watch - Create - Update - Patch - Delete Verbs / Actions Subjects Resources Role ClusterRole belongs to binds binds connects apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: role-blue namespace: blue rules: - apiGroups: ["", "apps"] resources: ["deployments", "services"] verbs: ["create", "delete", "list"] apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: blue-rb namespace: blue-ns subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: blue roleRef: kind: Role name: role-blue apiGroup: rbac.authorization.k8s.io
9 https://github.com/avinashdesireddy/k8s-security-workshop.git Demo: RBAC ● Create Namespaces ● Grant Access to App Users to respective Namespaces ● Deploy 3 applications Environment Kubernetes IDE Access the cluster /avinashdesireddy/k8s-securi ty-workshop.git Mirantis Kubernetes Engine 1 Manager, 3 Worker Version - 1.21.3 Infrastructure Nodes, LB, DNS, etc
10 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Happy Users!!! POD POD POD POD POD POD POD POD POD POD POD Green Blue Red Apps & App Teams Platform Engineer
11 https://github.com/avinashdesireddy/k8s-security-workshop.git All of a sudden, Pods belong to App Blue started consuming a lot of memory in the cluster. How do we fix it? Resource Limits Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #2 POD POD POD POD POD POD POD POD POD POD POD
12 https://github.com/avinashdesireddy/k8s-security-workshop.git Scenario #2: Coordinating changes ● Identify Application Owner ● Ask Owner of App Blue to specify Memory & CPU Limits on Containers ● Configure Resource Quota & Limits on Namespaces
13 https://github.com/avinashdesireddy/k8s-security-workshop.git Scenario #2: Challenges ● How can we enforce these across all the applications in the cluster? ○ Reach out to multiple application to make changes? ○ Define Best Practices? ○ Monthly Audits?
Do you find it a challenge while agreeing on Cluster Best Practices with App Teams? ⓘ Start presenting to display the poll results on this slide.
15 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #2 - Policy Enforcement Blue Red Green POD POD POD POD POD POD POD POD POD POD POD Apps & App Teams Platform Engineer
16 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #2 - Policy Enforcement Blue Red Green POD POD POD POD POD POD POD POD POD POD POD Policies ❏ Set up Resource Limits on containers ❏ Set Resource Quota & Limits on Namespaces ❏ Images from approved registries ❏ Limit NodePort Services ❏ Specific labels Apps & App Teams Platform Engineer
17 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #2 - Policy Enforcement Blue Red Green POD POD POD POD POD POD POD POD POD POD POD Policies ❏ Set up Resource Limits on containers ❏ Set Resource Quota & Limits on Namespaces ❏ Images from approved registries ❏ Limit NodePort Services ❏ Specific labels Apps & App Teams Platform Engineer
18 https://github.com/avinashdesireddy/k8s-security-workshop.git Open Policy Agent (OPA) ● CNCF Graduated ● General Purpose Policy Engine ● Empowers admins with more CONTROL over the system ● REGO Language ● Gatekeeper → Admission Controller implementation of OPA
19 https://github.com/avinashdesireddy/k8s-security-workshop.git app.yaml Policy ConstraintTemplate Policy Constraint OPA in Kubernetes Admission Controller Gatekeeper/OPA defines kubectl apply validates Approve / deny
20 Demo: OPA ● Restrict NodePort Usage ● Enforce Container Resource Limits Environment Kubernetes IDE Access the cluster /avinashdesireddy/k8s-securi ty-workshop.git Mirantis Kubernetes Engine 1 Manager, 3 Worker Version - 1.21.3 Open Policy Agent / Gatekeeper
21 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Happy Users… Happy Cluster!!! Blue Red Green POD POD POD POD POD POD POD Apps & App Teams Platform Engineer
22 https://github.com/avinashdesireddy/k8s-security-workshop.git Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Scenario #3: Network Security POD POD POD POD POD POD POD New features are added to App Blue, the pods must connect to an external MySql DB and to an exposed API in Green App Pod How do we control Network Traffic to/from Pods? Network Policies
23 Network Policy POD POD POD apiVersion : networking.k8s.io/v1 kind: NetworkPolicy metadata: name: test-network-policy namespace: default spec: podSelector : matchLabels : role: db policyTypes : - Ingress - Egress ingress: - from: - ipBlock: cidr: 172.17.0.0/16 except: - 172.17.1.0/24 - namespaceSelector : matchLabels : project: myproject - podSelector : matchLabels : role: frontend ports: - protocol: TCP port: 6379 egress: - to: - ipBlock: cidr: 10.0.0.0/24 ports: - protocol: TCP port: 5978 ● Control Traffic to/from pods ● Traffic between pods are non-Isolated ● Namespace scoped ● Can be defined based on - ○ Pod, Namespace or IP Range
Who are using Network Policies? ⓘ Start presenting to display the poll results on this slide.
25 Default Deny Policy apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny-all spec: podSelector: {} policyTypes: - Ingress - Egress egress: - to: - namespaceSelector : matchLabels: kubernetes.io/metadata.name : kube-system podSelector: matchLabels: k8s-app: kube-dns ports: - protocol: UDP port: 53 - protocol: TCP port: 53 POD
26 https://github.com/avinashdesireddy/k8s-security-workshop.git Scenario #3: App Blue connecting to MySQL 13.56.49.134 172.31.0.0/24 App Blue POD POD 192.168.96.4 192.168.96.3 App Green POD POD 192.168.206.7 192.168.206.9 1 Open firewall rule on DB to allow connections from 172.31.0.0/24 on port 3306 1 Create Egress Network Policy based on PodSelector 3 Open firewall rule on Cluster Nodes to allow traffic to 13.56.49.134 on port 3306 2 apiVersion : networking.k8s.io/v1 kind: NetworkPolicy metadata: name: mysql-port-egress spec: podSelector : matchLabels : app: blue backend: mysql policyTypes : - Egress egress: - to: - ipBlock: cidr: 13.56.49.134/32 ports: - protocol: TCP port: 3306
27 https://github.com/avinashdesireddy/k8s-security-workshop.git Scenario #3: App Blue connecting to App Green 172.31.0.0/24 App Blue POD POD 192.168.96.4 192.168.96.3 App Green POD POD 192.168.206.7 192.168.206.9 Create Egress Network Policy based on Green PodSelector 1 Create Ingress Network Policy based on Blue PodSelector 2 apiVersion : networking.k8s.io/v1 kind: NetworkPolicy metadata: name: to-green-egress namespace: blue spec: podSelector : matchLabels : app: blue policyTypes : - Egress egress: - to: - podSelector : matchLabels : app: green ports: - protocol: TCP port: 8080 apiVersion : networking.k8s.io/v1 kind: NetworkPolicy metadata: name: from-blue-ingress namespace: green spec: podSelector : matchLabels : app: green policyTypes : - Ingress ingress: - from: - podSelector : matchLabels : app: blue
28 Demo: Network Policies ● Create Default Network Policies ● Allow access for “Blue” App to MySQL on Port 3306 ● Allow access for “Blue” App to access “Green” Application’s API Environment Mirantis Kubernetes Engine Kubernetes IDE Access the cluster /avinashdesireddy/k8s-securi ty-workshop.git Mirantis Kubernetes Engine 1 Manager, 3 Worker Version - 1.21.3 Kubernetes Network Policies
29 https://github.com/avinashdesireddy/k8s-security-workshop.git CNIs with Network Policy Support ● Weave ● Calico ● Cilium ● Kube-router ● Istio
30 https://github.com/avinashdesireddy/k8s-security-workshop.git Apps & App Teams Platform Engineer Takeaways… Worker Node Master Node API ETCD SCHED C-M Worker Node Worker Node Blue Red Green Enforce Policies Build RBAC Strategy Start with Zero-Trust Network Policy
31 https://github.com/avinashdesireddy/k8s-security-workshop.git Thank you! /avinashdesiredd /anooplive

Recomendados

Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
QAware GmbH
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
Mario-Leander Reimer
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stack
QAware GmbH
 
In Search of Segmentation
In Search of SegmentationIn Search of Segmentation
In Search of Segmentation
Adrian Cockcroft
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie Frazelle
Paris Container Day
 
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
Agile Testing Alliance
 
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
InfluxData
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Olivia LaMar
 

Recomendados

Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
QAware GmbH
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
Mario-Leander Reimer
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stack
QAware GmbH
 
In Search of Segmentation
In Search of SegmentationIn Search of Segmentation
In Search of Segmentation
Adrian Cockcroft
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie Frazelle
Paris Container Day
 
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
Agile Testing Alliance
 
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
InfluxData
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Olivia LaMar
 
Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application Development
Matthew Farina
 
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIYWhy Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Enterprise Management Associates
 
IoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian SkerrettIoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
Param Singh
 
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays
 
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ... Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
MayaData Inc
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
Docker, Inc.
 
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
AppDynamics
 
Scaling frontend applications with micro-frontends Presentation.pdf
Scaling frontend applications with micro-frontends Presentation.pdfScaling frontend applications with micro-frontends Presentation.pdf
Scaling frontend applications with micro-frontends Presentation.pdf
KatamaRajuBandigari1
 
Pursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMPursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideM
Mark Secretario
 
Managing Compliance in Container Environments
Managing Compliance in Container EnvironmentsManaging Compliance in Container Environments
Managing Compliance in Container Environments
Twistlock
 
Bindu_Resume
Bindu_ResumeBindu_Resume
Bindu_Resume
HIMABINDU CHITRAPU
 
Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020
Emily Jiang
 
Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020
Emily Jiang
 
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoBSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
Katie Nickels
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit Kubernetes
QAware GmbH
 
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
bridgetkromhout
 
Cross Section and Deep Dive into GE Predix
Cross Section and Deep Dive into GE PredixCross Section and Deep Dive into GE Predix
Cross Section and Deep Dive into GE Predix
Altoros
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPF
Thomas Graf
 
K8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For KubernetesK8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For Kubernetes
Medya Ghazizadeh
 
DockerCon - The missing piece : when Docker networking unleashes software arc...
DockerCon - The missing piece : when Docker networking unleashes software arc...DockerCon - The missing piece : when Docker networking unleashes software arc...
DockerCon - The missing piece : when Docker networking unleashes software arc...
Laurent Grangeau
 
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
Mirantis
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M users
Mirantis
 

Mais conteúdo relacionado

Semelhante a Kubernetes Security Workshop

Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application Development
Matthew Farina
 
IoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian SkerrettIoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
Param Singh
 
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ... Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
MayaData Inc
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
Docker, Inc.
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit Kubernetes
QAware GmbH
 

Semelhante a Kubernetes Security Workshop (20)

Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application Development
 
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIYWhy Pay for Open Source Linux? Avoid the Hidden Cost of DIY
Why Pay for Open Source Linux? Avoid the Hidden Cost of DIY
 
IoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian SkerrettIoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
IoTWorld 2016 OSS Keynote Param Singh, Ian Skerrett
 
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
 
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ... Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
 
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
Getting More Out of the Node.js, PHP, and Python Agents - AppSphere16
 
Scaling frontend applications with micro-frontends Presentation.pdf
Scaling frontend applications with micro-frontends Presentation.pdfScaling frontend applications with micro-frontends Presentation.pdf
Scaling frontend applications with micro-frontends Presentation.pdf
 
Pursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideMPursuing evasive custom command & control - GuideM
Pursuing evasive custom command & control - GuideM
 
Managing Compliance in Container Environments
Managing Compliance in Container EnvironmentsManaging Compliance in Container Environments
Managing Compliance in Container Environments
 
Bindu_Resume
Bindu_ResumeBindu_Resume
Bindu_Resume
 
Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020
 
Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020Cloud nativemicroservices jax-london2020
Cloud nativemicroservices jax-london2020
 
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoBSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit Kubernetes
 
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
 
Cross Section and Deep Dive into GE Predix
Cross Section and Deep Dive into GE PredixCross Section and Deep Dive into GE Predix
Cross Section and Deep Dive into GE Predix
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPF
 
K8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For KubernetesK8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For Kubernetes
 
DockerCon - The missing piece : when Docker networking unleashes software arc...
DockerCon - The missing piece : when Docker networking unleashes software arc...DockerCon - The missing piece : when Docker networking unleashes software arc...
DockerCon - The missing piece : when Docker networking unleashes software arc...
 

Mais de Mirantis

Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Mirantis
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 Clouds
Mirantis
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container Shakeout
Mirantis
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's You
Mirantis
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStack
Mirantis
 

Mais de Mirantis (20)

How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M users
 
How to Build a Basic Edge Cloud
How to Build a Basic Edge CloudHow to Build a Basic Edge Cloud
How to Build a Basic Edge Cloud
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container Data
 
What's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesWhat's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar Slides
 
Comparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesComparison of Current Service Mesh Architectures
Comparison of Current Service Mesh Architectures
 
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesYour Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
 
Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security Compliance
 
Mirantis life
Mirantis lifeMirantis life
Mirantis life
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the Cloud
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStack
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service Delivery
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 Clouds
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That Simple
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container Shakeout
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's You
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for Innovation
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStack
 

Último

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Último (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Kubernetes Security Workshop