One of many misconceptions that I have experienced (and believed at some point of my dark past) while working with Kubernetes, and specifically with managed Kubernetes services like Azure Kubernetes Service, is that it's secure by default. I hate to break it to you but...in reality it's a trap.

Just like many other services that are offered by cloud providers, managed Kubernetes services also fall under a shared responsibility model where you, as a service consumer, have a high level of responsibility for keeping your Kubernetes clusters and workloads that are running on them, secure.

Fortunately, there are many valuable resources that can help us and guide us on this journey towards more secure Kubernetes clusters. In this session, based on concrete examples, I will show how DevSecOps objectives can be applied to Kubernetes clusters and workloads that are running on those clusters. I will also demonstrate a few of the misconceptions regarding Kubernetes cluster security in action and how those can be mitigated with help of tools like Open Policy Agent, Trivy, and a few others.