Taking the Scissors away: Make your Kubernetes Cluster safe for DevOps
Find out all about how to make Kubernetes clusters safe for DevOps in this talk by Jussi Nummelin. This session is highly inspired by Liz Rice’s talk at KubeCon EU 2018, “Running with scissors”. This session will focus on a different angle: how to take the scissors away from the developers so that they do not harm themselves.
Everyone has been told not to run with scissors. Doing so makes one highly exposed to serious damage. Both containers and Kubernetes define a bajillion different toggles how to configure the applications. Rather than using all the proper toggles, developers often run things in containers and in Kubernetes just using the plain defaults. That leaves many capabilities lurking in the applications that just wait to be exploited.
In this talk, we’ll look at some of the concepts of forcing security of the application workloads both from conceptual and practical points of view. We’ll look at things like security policies, resource quotas, and pod security contexts. We’ll also discuss what they mean for the applications developers are pushing to the Kubernetes cluster.
Jussi Nummelin has architected and operated numerous software platforms and applications during his 15+ year career. Having worked for companies ranging from mobile operator Elisa to telecom systems and mobile phone provider Nokia to systems integrator Digia, Jussi has gained deep and wide experience in creating and running highly scalable fault tolerant systems. Having boldly gone to production with the Docker 0.6 release at his previous company and being hard headed, Jussi stayed in the container business and is now one of the core engineers building container orchestration tools at Kontena, Inc.