Practical Kubernetes Security at Scale
- Length: 45 minutes.
- Scheduled: 13:40 (UTC+2)
Over the past few years Kubernetes (k8s) has been adopted widely across Schibsted. Currently Schibsted manages about 100 k8s clusters centrally, and that number is growing as more Schibsted brands adopt k8s.
In this talk we will present what to consider and the trade-offs we made to improve security in those clusters. While most of the takeaways should be generally applicable, the examples will be from EKS clusters in AWS.
We will look at k8s and EKS hardening as well as open source and commercial security tools. Security in k8s is a large topic and our goal is to focus on the most important best practices, while keeping the user experience in mind.
Birgir is a staff software engineer in Schibsted’s Developer Foundations team.
Stian is a staff security engineer in Schibsted’s Product & Application Security team.
In the past he has open sourced two security projects at Schibsted: Strongbox, a secrets manager, and Artishock, a tool to investigate dependency confusion.
Stian also presented his talk on Dependency Confusion Deep Dive at BSides Oslo Digital Edition 2021.