K8s Security: References from KubeCon 2019


Extended NodeRestrictions for Pods: https://bit.ly/2XdeWOF
Bounding Self-Labeling Kubelets: https://bit.ly/351BaFN
Choose a minimal base image: https://bit.ly/37eTPzT
Run as non-root! https://bit.ly/2qpUNJ7
Use resource limits: https://bit.ly/37k48Tx
Use least privilege authorization: https://bit.ly/2CV1INd
Restrict network access: https://bit.ly/37cL9dv
Node Authorizer: https://bit.ly/33XRIPb
Node Restriction: https://bit.ly/2QkRqhk
Kubelet Static Pods: https://bit.ly/2Qj0DGL
ReplicaSet deletion logic: https://bit.ly/2NQTL1O
Run as non-root using security context: https://bit.ly/2qpUNJ7
Minimal base images: https://bit.ly/37eTPzT
Resource limits: https://bit.ly/37k48Tx
Least privilege: https://bit.ly/2CV1INd
GKE hardening guide: g.co/gke/hardening
GKE sandboxes: g.co/gke/sandbox
Kata containers: katacontainers.io
State of Kubernetes Security: https://bit.ly/2OdqgWC
“The Devil in the Details: Kubernetes’ First Security Assessment” https://bit.ly/34VkAr2
“Walls Within Walls: What If Your Attacker Knows Parkour?” https://bit.ly/33PZiLl
“Binary Authorization in Kubernetes” https://bit.ly/32L2yqj
“Piloting Around the Rocks: Avoiding Threats in Kubernetes” https://bit.ly/36XLAbc
“Hello from the Other Side: Dispatches from a Kubernetes Attacker” https://bit.ly/2NBpe7Y
“How Kubernetes Components Communicate Securely in Your Cluster” https://bit.ly/2QrIzKP
“Sig-Auth Update” https://bit.ly/2Kk7kEQ
“Attacking and Defending Kubernetes Clusters: A Guided Tour” https://bit.ly/36Xb0G0
