View More DetailsRegistration

The schedule is subject to change.

Please note: This schedule is automatically displayed in Central European Summer Time (CEST). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above “Filter by Date.”
Back To Schedule
Monday, August 17 • 16:40 - 17:10
Pod Security as an Afterthought - Alban Crequy, Kinvolk

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Kubernetes has several security mechanisms that can be used to secure your applications: you can write security as code with network policies, PSP, seccomp, etc. Ideally, the specs of network policies and PSP should be written at the same time as your applications are developed. Oftentimes this is not the case and security remains an afterthought. It follows that the developers implementing the security might not have an enough good view of the architecture to know which network policies and other PSP to write.

This is not an ideal situation, of course. But as a developer who’s joining a project to implement the security, you don’t have a time machine to change that.

This talk will present some open source tools that can help: kube-psp-advisor, Inspektor Gadget, oci-seccomp-bpf-hook. The tools observe your deployments in different ways and help you to write the security specs.

avatar for Alban Crequy

Alban Crequy

Co-founder and Director of Kinvolk Labs, Kinvolk
Alban is Co-founder of Kinvolk and director of engineering for Kinvolk Labs. He has a particular interest in integrating BPF into Kubernetes. He’s a maintainer of the gobpf library and has worked on software in the cloud space using BPF with Golang: Weave Scope, Traceleft, Project... Read More →

Monday August 17, 2020 16:40 - 17:10 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259