Real Security for Services on Kubernetes [I]
![Real Security for Services on Kubernetes [I]](/2017/images/all/lf_huffc03acb4b89c823f315cae16e4b2e6b_29065_900x500_fit_q75_box.jpg)
We all love the ease-of-use Kubernetes provides to engineers to deploy and manage their services. But before you can start running production code and dealing with customer data, you need to ensure th …
| Talk Title | Real Security for Services on Kubernetes [I] |
| Speakers | Eric Wang (Software Engineer, Databricks), Yun Zhang (Software Engineer, Databricks) |
| Conference | KubeCon + CloudNativeCon North America |
| Conf Tag | |
| Location | Austin, TX, United States |
| Date | Dec 4- 8, 2017 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
We all love the ease-of-use Kubernetes provides to engineers to deploy and manage their services. But before you can start running production code and dealing with customer data, you need to ensure that everyone’s favorite features are in place: audit logs and access control. (And the crowd goes wild!) At Databricks, we know that the best way to do security is to make sure the simplest way to do something is the secure one. In this talk, we introduce a system called Genie which uses time-boxed TLS certificates to authorize engineers to talk to certain namespaces within Kubernetes. Additionally, we will discuss how we extended this framework to allow for continuous deployment/continuous integration without weakening our security story!
![Kubernetes Ingress Controller with Apache Traffic Server [I]](/2017/images/all/lf_huffc03acb4b89c823f315cae16e4b2e6b_29065_700x350_resize_q75_box.jpg)