Engineer for the future of Cloud
June 10-13, 2019
San Jose, CA

Intro to Kubernetes security; or, Taming the Great Spaghetti Monster

Kat Fitzgerald (Uber ATG)
11:35am12:15pm Wednesday, June 12, 2019
Building Secure Systems
Location: LL21 E/F
Average rating: ****.
(4.93, 15 ratings)



What you'll learn

  • Understand how to set up security for Kubernetes


We’ve all heard of it—Kubernetes or k8s—but do you really know what it is and, more importantly, how to set up security? The Great Spaghetti Monster (as Kat Fitzgerald likes to think of it) isn’t too difficult to secure if you just stop and use common sense security best practices. Join Kat to find out how. The information she shares is for everyone—even those who have been playing with Kubernetes for some time.

Kat opens with a brief intro to containers, and more specifically Docker, to make sure everyone is on the same playing field, before jumping into securing things. Next, Kat introduces Kubernetes and the magic world of orchestration—and what it really means to orchestrate containers. Then the fun begins as she brings up a small Raspberry Pi stack with Kubernetes on it to show a live cluster with “visual aides” (very bright LEDs that show containers jumping from node to node).

As the brief Kubernetes demo concludes, it’s time to bring in security by demonstrating the security plug-ins and tools used. The focus on this is security threats to a Kubernetes cluster and containers, tools to secure the CI/CD or build pipeline, and tools for monitoring and auditing the cluster. Kat brings it all to a neat and clean summary of how she’s addressed many of the typical attack vectors in containers and Kubernetes clusters by integrating operations support system (OSS) (and other) tools into the mix.

Photo of Kat Fitzgerald

Kat Fitzgerald

Uber ATG

Kat Fitzgerald is a principle security architect at Uber ATG taking on the challenge of IoT, cloud, and k8s security architectures and engineering. She has (many) years of experience in the security field, with an emphasis on security operations, incident response, and purple teams. Previously, she spent five years at Apple in Cupertino as senior security architect/engineer. Based in Pittsburgh and a natural creature of winter, you can typically find her sipping Casa Noble Anejo while simultaneously defending her systems using OSS, magic spells, and dancing flamingos against a barrage of attackers. Running IoT honeypots on k8s clusters running on Raspberry Pis has upped the ante on her security research toolbox.