M9sweeper, the Open Source Kubernetes Security Platform | Jacob Beasley | Conf42 Kube Native 2023
Read the abstract ➤ https://www.conf42.com/Kube_Native_2023_Jacob_Beasley_m9sweeper_open_source_security_platform
Other sessions at this event ➤ https://www.conf42.com/kubenative2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC

Chapters
0:00 intro
0:27 preamble
0:31 about jacob
1:18 4 c's of cloud security
2:22 lab summary - layers covered
3:19 cloud: kubernetes architecture
4:25 k8s security best practices
6:27 role based access control
7:50 sample role
8:21 sample role binding
8:58 why use tools?
10:14 demo: kube-bench
13:28 container: what is virtualization?
14:06 what is a container?
15:59 degrees of isolation
17:41 parts of a container image
19:24 docker file example
20:09 container breakout
20:46 preventing container breakout
25:31 limiting linux kernel calls
27:27 kubesec
28:39 pod security admissions
31:42 network policies
32:50 sample network policy
33:52 shortcomings of built-in features
34:51 extending kubernetes: opa and gatekeeper
35:31 lab: gatekeeper
39:06 cve scanning with trivy
42:07 limiting linux kernel calls
42:45 demo: project falco
45:41 summary
46:00 questions?