How can requirements from the German BSI IT baseline protection catalog (IT Grundschutz/ISO27001) be implemented in production Kubernetes environments? Using the example of the Hamburg Port Authority (HPA), we show four real implementations of the following IT-Grundschutz building blocks:
- APP.4.4.A2 Planning automation with CI/CD
- APP.4.4.A7 Separation of networks with Kubernetes
- APP.4.4.A13 Automated Configuration Auditing
- APP.4.4.A21 Regular restart of pods
The presentation combines best practices with real challenges of the platform team and provides impulses for secure Kubernetes setups in accordance with IT-Grundschutz/ISO27001. We show how to implement solutions (hands-on-demos in a kubernetes-cluster) with the help of OpenSource-Projects from the CNCF-Landscape to cover the compliance.