Session
Exploring DevSecOps controls for Kubernetes throughout the value chain
One of many misconceptions that I have experienced (and believed at some point of my dark past) while working with Kubernetes, and specifically with managed Kubernetes services like Azure Kubernetes Service, is that it's secure by default. I hate to break it to you but...in reality it's a trap.
Just like many other services that are offered by cloud providers, managed Kubernetes services also fall under a shared responsibility model where you, as a service consumer, have a high level of responsibility for keeping your Kubernetes clusters and workloads that are running on them, secure.
Fortunately, there are many valuable resources that can help us and guide us on this journey towards more secure Kubernetes clusters. In this session, based on concrete examples, I will show how DevSecOps objectives can be applied to Kubernetes clusters and workloads that are running on those clusters. I will also demonstrate a few of the misconceptions regarding Kubernetes cluster security in action and how those can be mitigated with help of tools like Open Policy Agent, Trivy, and a few others.
Kristina Devochko
Platform Engineer. Interested in all things tech, cats and motorcycles. Advocate of being nice and kind to each other, animals, nature and planet as a whole.
Oslo, Norway
Links
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top