November 29, 2019


Real Security for Services on Kubernetes [I]


Talk Title: Real Security for Services on Kubernetes [I]
Speakers: Eric Wang (Software Engineer, Databricks), Yun Zhang (Software Engineer, Databricks)
Conference: KubeCon + CloudNativeCon North America
Location: Austin, TX, United States
Date: Dec 4-8, 2017

We all love the ease-of-use Kubernetes provides to engineers to deploy and manage their services. But before you can start running production code and dealing with customer data, you need to ensure that everyone’s favorite features are in place: audit logs and access control. (And the crowd goes wild!) At Databricks, we know that the best way to do security is to make sure the simplest way to do something is the secure one. In this talk, we introduce a system called Genie which uses time-boxed TLS certificates to authorize engineers to talk to certain namespaces within Kubernetes. Additionally, we will discuss how we extended this framework to allow for continuous deployment/continuous integration without weakening our security story!
