November 28, 2019

205 words 1 min read

Knative - The Security Platypus?

Knative - The Security Platypus?

Knative provides a way to extend Kubernetes to run serverless workloads. Although it runs as pods, given the nature of those workloads it requires an approach to security that is distinct from standar …

Talk Title Knative - The Security Platypus?
Speakers Ariel Shuper (VP, Product Management, Portshift)
Conference KubeCon + CloudNativeCon North America
Conf Tag
Location San Diego, CA, USA
Date Nov 15-21, 2019
URL Talk Page
Slides Talk Slides
Video

Knative provides a way to extend Kubernetes to run serverless workloads. Although it runs as pods, given the nature of those workloads it requires an approach to security that is distinct from standard Kubernetes security practices. As 18th century explorers were wondering when they first encountered the platypus, is it a duck? an otter? or something else?In this talk Ariel reviews the serverless threat landscape, which is quite differentiated from the container equivalent, using examples of how coding mistakes may expose applications despite the extremely ephemeral workloads.This talk will show how combining preventative methods and more “offensive” methods such as tripwires can provide much better visibility and reduce the risk of Knative workloads being used as attack vehicles to reach other areas of the cluster or application.Finally, the platypus question will be resolved.

comments powered by Disqus