Engineer for the future of Cloud
June 10-13, 2019
San Jose, CA

Intro to Kubernetes security; or, Taming the Great Spaghetti Monster

Kat Fitzgerald (Uber ATG)
11:35am12:15pm Wednesday, June 12, 2019
Building Secure Systems
Location: LL21 E/F

Level

Beginner

What you'll learn

  • Understand how to set up security for Kubernetes

Description

We’ve all heard of it—Kubernetes or k8s—but do you really know what it is and, more importantly, how to set up security? The Great Spaghetti Monster (as Kat Fitzgerald likes to think of it) isn’t too difficult to secure if you just stop and use common sense security best practices. Join Kat to find out how. The information she shares is for everyone—even those who have been playing with Kubernetes for some time.

Kat opens with a brief intro to containers, and more specifically Docker, to make sure everyone is on the same playing field, before jumping into securing things. Next, Kat introduces Kubernetes and the magic world of orchestration—and what it really means to orchestrate containers. Then the fun begins as she brings up a small Raspberry Pi stack with Kubernetes on it to show a live cluster with “visual aides” (very bright LEDs that show containers jumping from node to node).

As the brief Kubernetes demo concludes, it’s time to bring in security by demonstrating the security plug-ins and tools used. The focus on this is security threats to a Kubernetes cluster and containers, tools to secure the CI/CD or build pipeline, and tools for monitoring and auditing the cluster. Kat brings it all to a neat and clean summary of how she’s addressed many of the typical attack vectors in containers and Kubernetes clusters by integrating operations support system (OSS) (and other) tools into the mix.

Photo of Kat Fitzgerald

Kat Fitzgerald

Uber ATG

Kat Fitzgerald is a principle security architect at Uber ATG taking on the challenge of IoT, cloud, and k8s security architectures and engineering. She has (many) years of experience in the security field, with an emphasis on security operations, incident response, and purple teams. Previously, she spent five years at Apple in Cupertino as senior security architect/engineer. Based in Pittsburgh and a natural creature of winter, you can typically find her sipping Casa Noble Anejo while simultaneously defending her systems using OSS, magic spells, and dancing flamingos against a barrage of attackers. Running IoT honeypots on k8s clusters running on Raspberry Pis has upped the ante on her security research toolbox.

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)