Deploying Kubernetes Without Scaring Off Your Security Team [I]

subtitle: "The Major Hayden Center For Kubernauts Who Can't Security Good And Wanna Learn To Do Other Stuff Good Too" One of the larger roadblocks we face in the enterprise when trying to adopt new t …

subtitle: “The Major Hayden Center For Kubernauts Who Can’t Security Good And Wanna Learn To Do Other Stuff Good Too” One of the larger roadblocks we face in the enterprise when trying to adopt new technologies is getting the security and compliance teams onboard. Tools like kubicorn and kubeadm are likely the foundation on which Kubernetes deployments will be performed in the future as they help simplify the deployment and operations of Kubernetes a very complex distributed system. However concerns about security and compliance, which are not as yet addressed by those tools, may act as inhibitors and road blocks to using these them and thus Kubernetes in the enterprise. Thankfully the techniques and tools for deploying Enterprise Linux distributions, securing them, and ensuring compliance already exist and can be very easily combined with kubernetes. In this talk we’ll expand upon these enterprise requirements and use cases and show how we can use existing Ansible tooling to deploy kubernetes on bare metal or the cloud, monitor it with common enterprise monitoring tools, secure it with a 2fa SSH bastion, and ensure [DISA STIG] compliance.