Build Systems that Drive Business
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

Kubernetes security best practices

Ian Lewis (Google)
4:35pm–5:15pm Wednesday, June 13, 2018
Location: LL20 A/B
Level: Intermediate
Secondary topics: Resilient, Performant & Secure Distributed Systems
Average rating: 4.40 (5 ratings)

Prerequisite knowledge

  • Familiarity with containers
  • A basic understanding of Kubernetes (useful but not required)

What you'll learn

  • Learn best practices for improving the security of your Kubernetes clusters


Containers give developers the ability to isolate applications from one another, but that’s not enough. Resource isolation is much different than security isolation. How do we make applications deployed in containers more secure? How do we apply existing tools like SELinux, AppArmor, and seccomp to our containers running in Kubernetes? How can we apply policy to our network and services to make sure applications only have access to what they need and nothing more?

Ian Lewis shares the easiest and best ways to improve the security of your Kubernetes clusters. You’ll learn about the risks and attack surfaces and see tools like PodSecurityPolicy, SELinux, AppArmor and seccomp in action to improve the security of containers deployed in Kubernetes. You’ll then go up the stack and learn how to apply network policy to containers to further improve security.


Ian Lewis


Ian Lewis is a Tokyo-based developer advocate on Google’s Cloud Platform team. Ian has held various developer and operations roles throughout his career and enjoys working in environments with diverse ways of thinking. He is passionate about DevOps, SRE, Python, Go, and container orchestration. When he’s not writing controllers and operators in Go, he runs the Kubernetes meetup in Tokyo and blogs about Kubernetes and containers.