Dimitrij Klesev & Andreas Zeissner
Enhancing Workload Security in Kubernetes
#1about 3 minutes
Understanding the Kubernetes securityContext for workloads
The securityContext field in a pod specification allows you to define privilege and access control settings for a pod or container.
#2about 4 minutes
Restricting kernel system calls with seccomp profiles
Seccomp profiles enhance security by allowing you to explicitly define which kernel system calls a containerized workload is permitted to make.
#3about 4 minutes
Hardening file system access with AppArmor profiles
AppArmor provides mandatory access control by defining profiles that restrict application capabilities like file reads, writes, and network access.
#4about 6 minutes
Implementing fine-grained control with SELinux contexts
SELinux uses a labeling system to enforce mandatory access control policies, providing granular control over process and object interactions.
#5about 2 minutes
Automating security with the Security Profiles Operator
The Security Profiles Operator simplifies the management and distribution of seccomp, AppArmor, and SELinux profiles across all nodes in a Kubernetes cluster.
#6about 5 minutes
Demo of blocking an in-memory execution attack
A live demonstration shows how a seccomp profile can block the `memfd_create` system call to prevent a fileless malware execution attack.
#7about 3 minutes
Demo of managing seccomp with the operator
This demo illustrates how the Security Profiles Operator uses a `ProfileBinding` to automatically apply a seccomp profile to workloads based on their image.
#8about 8 minutes
Demo of troubleshooting SELinux permissions
A practical demonstration shows how SELinux denies access by default and how to use audit logs and tools like `audit2allow` to diagnose and create new policies.
#9about 8 minutes
Q&A on AppArmor, fileless attacks, and eBPF
The speakers answer audience questions about applying AppArmor profiles, the nature of fileless malware, discovering system calls, and the role of eBPF.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
39:53 MIN
Q&A on managed Kubernetes security in the cloud
Kubernetes Security - Challenge and Opportunity
22:09 MIN
Centralizing security services in a Kubernetes ecosystem
DevSecOps: Security in DevOps
20:26 MIN
Identifying common Kubernetes security vulnerabilities
Kubernetes Security - Challenge and Opportunity
01:46 MIN
Understanding the Kubernetes threat landscape and adversaries
Hacking Kubernetes: Live Demo Marathon
03:28 MIN
The prevalence and impact of Kubernetes security incidents
Kubernetes Security Best Practices
56:21 MIN
Security best practices for containers and Kubernetes
Microservices: how to get started with Spring Boot and Kubernetes
18:57 MIN
Moving from perimeter defense to workload microsegmentation
You can’t hack what you can’t see
07:14 MIN
Addressing unique data protection challenges in Kubernetes
It's all about the Data
Featured Partners
Related Videos
23:08Kubernetes Security Best Practices
Rico Komenda
42:45Kubernetes Security - Challenge and Opportunity
Marc Nimmerrichter
46:36Hacking Kubernetes: Live Demo Marathon
Andrew Martin
58:52Securing secrets in the GitOps Era
Davide Imola
33:20DevSecOps: Security in DevOps
Aarno Aukia
44:40Enabling automated 1-click customer deployments with built-in quality and security
Christoph Ruggenthaler
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
39:20Developing locally with Kubernetes - a Guide and Best Practices
Dan Erez
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Kubernetes Lifecycle & Security Engineer / Distributed Cloud - STACKIT (gn)
Webseite STACKIT
Intermediate
Kubernetes
Kubernetes Lifecycle & Security Engineer / Distributed Cloud - STACKIT
Schwarz Unternehmenskommunikation GmbH & Co. KG
Senior
Kubernetes
Technical Application Specialist - Kubernetes / Digital Certificates
Lloyd's
€47-53K
DevOps
Jenkins
Terraform
Kubernetes