Here is the session abstract.
Securing a Docker application requires one to know the internals of Linux security. Armed with the Linux security pillars, we will review how Docker security has expanded on them. Kubernetes is the default orchestrator of dockerized applications. With the basics of Linux and Docker security covered, we will review the foundations of Kubernetes security. We will review YAML files covering various aspects of Kubernetes security (Node, Pod, Container, Port, ServerRole, RBAC etc.).
In this session, you will also learn how Docker security can be transparently moved to Kubernetes, after which you can make improvements in an incremental manner. Live demos will make the concepts clear and the session highly interactive. The demos will be shown on a local Docker installation and on public cloud Kubernetes platforms like Google and Azure.
It was attended by 30 or so conference attendees. The takeaway was to understand Linux security well in order to understand Docker security, which in turn makes understanding Kubernetes security architecture easier. I gave many examples of modules on the similarity of tools like RBAC, MAC, and sysdig. I gave examples of enterprise deployments of Kubernetes clusters built on sound principles of core Linux and Docker security (certificates, cgroups, namespaces etc.).
Feedback was that many did not know there was a logical relationship among OS, Docker and Kubernetes security modules, tools and utilities. I feel happy about being able to give SVCC presentations each year on a new topic that helps attendees learn and grow.