Kubernetes Security 101: Best Practices to Secure your Cluster

Back to the list of Speakers and Sessions
This workshop aims to give an overview about how Kubernetes works and provide some best practices to secure your cluster whenever you are deploying a new cluster on your own or via managed services such as GKE, EKS or AKS. We are going to cover everything from the Control Plane or the Master Node, starting with the API server, including etcd, RBAC and network policies. Then, we’ll cover the worker nodes, kubelet, audit logs and pods best practices. We'll talk about the CIS Benchmarks for Kubernetes and the default configurations you need to worry about when deploying a new cluster. We'll show how to use RBAC and assign roles and permissions to your cluster users. We'll demonstrate how to enable audit logs for better visibility and later we'll set up some network policies to avoid communication between pods and prevent any lateral movement from attackers.

Are you starting to use Kubernetes for container orchestration? Do you need guidelines on how to start securing Kubernetes in your organization? Do you want to find a way to increase the protection of your Kubernetes clusters without increasing the complexity of the infrastructure? Do you need to use Kubernetes clusters in a safe, efficient and affordable way? Everything in a practical way with a focus on security best practices? Then this is the workshop for you!

Participants should prepare by:

Create and AWS account and setup a Cloud9 instance.


Magno Logan Information Security Specialist and Senior Threat Researcher, Trend Micro

Magno Logan works as an Information Security Specialist for Trend Micro Cloud and Container Security Research Team. He specializes in Cloud, Container and Application Security Research, Threat Modelling, Red Teaming, DevSecOps, and Kubernetes Security, among other topics. He has been tapped as a resource speaker for numerous security conferences around the globe including Canada, USA, Portugal and Brazil. He is also the founder of JampaSec and a member of the CNCF SIG-Security team.