Over the past years, Security has become an important topic when speaking about Kubernetes. The reason is simple - Kubernetes has become the de-facto development platform for many teams. Securing your platform is just as important as securing the applications running on top of it.

Kubernetes gives you many security constructs which you can use. This can be both a good and a bad thing. It is good because you get a lot of security instruments out of the box, and it's straightforward to enable and benefit from them. But it can also be bad because you have so many options that it's easy to get lost in them and get confused about what you need and what you don't. It can also give you a false sense of security.

Do you need to use both seccomp and AppArmor? Do you need to enable admission control if you use RBAC? What about NetworkPolicies and PodSecurityStandards? It is easy for a newcomer (and even a more mature user) to get lost in this sea of tools and terminology.

In this session, Anton will attempt to go over all existing security mechanisms, outline their use-cases, and explain where they overlap and where they complement each other.