Tutorial: Building Security into Kubernetes Deployment Pipelines
How secure is your deployment pipeline? Is image integrity verified or can any user deploy any image to production? Are those images scanned for known CVEs? And are security policies enforced to harde …
| Talk Title | Tutorial: Building Security into Kubernetes Deployment Pipelines |
| Speakers | Michael Hough (Software Engineer, IBM), Sam Irvine (Infrastructure Engineer, ControlPlane) |
| Conference | KubeCon + CloudNativeCon Europe |
| Conf Tag | |
| Location | Barcelona, Spain |
| Date | May 19-23, 2019 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
How secure is your deployment pipeline? Is image integrity verified or can any user deploy any image to production? Are those images scanned for known CVEs? And are security policies enforced to harden the cluster at runtime?This tutorial covers current best practices for enhanced Kubernetes cluster security. It is led by core contributors and subject matter experts, and provides hands-on experience with Notary, admission controllers, and vulnerability scanning.It teaches integrating image signing and vulnerability scanning into a pipeline through live examples, and demonstrates how to configure Kubernetes to enforce security policies and image integrity.Attendees should expect to learn how to utilise state-of-the-art CNCF and OS tooling, and frustrate potential attackers throughout the deployment lifecycle.
