SlideShare a Scribd company logo

Deploying Kubernetes without scaring off your security team - KubeCon 2017

Major Hayden
Major Hayden

Kubernetes provides plenty of enhancements for deploying software, but it can cause anxiety on the corporate security team. This talk explains how to approach your security team and how to push them to provide guardrails, not deployments.

Technology
1 of 36
Download to read offline
Deploying Kubernetes without scaring away your security team Paul Czarkowski, Pivotal Software (@pczarkowsi) Major Hayden, Rackspace (@majorhayden)
Deploying Kubernetes Without Scaring Away Your Security Team Principal Technologist @ Pivotal Always doing things and promoting agile synergistic principles that resonate down the value chain Principal Architect @ Rackspace Secures OpenStack/Kubernetes clouds and owns far too many domain names (including icanhazip.com)
Photo credit: Pixabay
Your first day back at the office talking about Kubernetes feels like this Photo credit: Pixabay
Talking to your corporate security team about Kubernetes feels more like this Photo credit: Breaking Bad Wikia
Deploying Kubernetes Without Scaring Away Your Security Team Enterprise security teams demand security layers that are: • Valuable • Non-disruptive • Documented • Auditable • Easily understood
Deploying Kubernetes Without Scaring Away Your Security Team DevOps Security Automated Infrastructure Find a way to get here
Security requirements and restrictions should be guardrails, not roadblocks Photo credit: Wikipedia
PUBLIC SERVICE ANNOUNCEMENT: Always enable Linux Security Modules in your container deployments. (like SELinux or AppArmor)
SERIOUSLY. STOP DISABLING SELINUX.
Deploying Kubernetes Without Scaring Away Your Security Team Luckily, there are tools that help with many of these challenges.
Deploying Kubernetes Without Scaring Away Your Security Team • Orchestration • Configuration management • Software deployment • Stackable building blocks • Everything as codehttps://www.ansible.com/
Deploying Kubernetes Without Scaring Away Your Security Team Tasks Role Tasks Tasks Tasks Role Tasks Tasks Tasks Role Tasks Tasks Playbook Ansible explained in three bullets: • Each task does one thing • Tasks are grouped into roles • Playbooks apply one or more roles to one or more servers
Deploying Kubernetes Without Scaring Away Your Security Team • Tasks are read one at a time, top-down • Tasks are written in YAML • No need for dependency chaining or complex ordering • Simple inventory system Ansible is simple
Deploying Kubernetes Without Scaring Away Your Security Team • Automates containers, virtual machines, servers, network devices, clouds, laptops • No daemons or complex dependencies • Got Python installed on your nodes? You’re ready. Ansible is versatile
Deploying Kubernetes Without Scaring Away Your Security Team • A playbook can be run repeatedly with the same results • Ansible can audit a system and show potential changes before making them Ansible is repeatable
Deploying Kubernetes Without Scaring Away Your Security Team Ansible playbook
Deploying Kubernetes Without Scaring Away Your Security Team Networking as code
Deploying Kubernetes Without Scaring Away Your Security Team Infrastructure as code
Deploying Kubernetes Without Scaring Away Your Security Team Infrastructure as Code
Deploying Kubernetes Without Scaring Away Your Security Team Ansible Tower ● Adds reporting/accountability ● Dashboards ● Scheduled Jobs ● Multi-Playbook Workflows
Deploying Kubernetes Without Scaring Away Your Security Team • Applies and audits over 180 controls from the STIG* in a few minutes. • Supports CentOS/RHEL 7, Debian, Fedora, OpenSUSE, and Ubuntu 16.04. • Fully open source and looking for new contributors/testers https://github.com/openstack/ansible-hardening * The Security Technical Implementation Guide (STIG) is a set of hardening configurations for various systems published by the US Department of Defense.
Deploying Kubernetes Without Scaring Away Your Security Team • Compliance as Code • Ruby DSL for testing desired state • Ansible to install Inspec • Ansible to deploy Inspec Rules • Sensu Check / Pagerduty Alert • Inspec logs to ELK for Audit https://www.inspec.io
Deploying Kubernetes Without Scaring Away Your Security Team
Deploying Kubernetes Without Scaring Away Your Security Team Example INSPEC rule https://github.com/inspec-stigs/inspec-stig-rhel7
Deploying Kubernetes Without Scaring Away Your Security Team Compliance as Code
Deploying Kubernetes Without Scaring Away Your Security Team Ops Platform [as code] • 2FA SSH Bastion • OAuth Web Portal • Centralized Logging (ELK) • Centralized Monitoring (Sensu) • Builds / Tests / Jobs ( Jenkins ) • Mirrors ( ubuntu, pypi, rubygems ) • and a LOT MORE!https://github.com/sitectl/cuttle Cuttle(pronounced Cuddle)
Deploying Kubernetes Without Scaring Away Your Security Team
Deploying Kubernetes Without Scaring Away Your Security Team
Deploying Kubernetes Without Scaring Away Your Security Team
Deploying Kubernetes Without Scaring Away Your Security Team Cuttle - Bastion ● SSH ( obviously! ) ● 2FA ( Google Authenticator or Yubikey ) ○ https://github.com/blueboxgroup/yubiauthd ○ Each user has own user + pubkey + second factor. ● SSH Agent Auth Proxy ○ https://github.com/blueboxgroup/sshagentmux ○ Adds keys to user’s Agent based on group membership ● ttyspy ○ https://github.com/ibm/ttyspy ○ emulates `script | curl -XPOST https://log-server`
Deploying Kubernetes Without Scaring Away Your Security Team • Ansible Playbooks to deploy Kubernetes • Official(ish) • Install K8s on any Infrastructure • Bare Metal • private cloud • public cloud • VMWare https://github.com/kubernetes-incubator/kubespray
Deploying Kubernetes Without Scaring Away Your Security Team Kubespray is production ready! • Continuous integration • High availability • Upgrades! https://github.com/kubernetes-incubator/kubespray
Deploying Kubernetes Without Scaring Away Your Security Team
Deploying Kubernetes Without Scaring Away Your Security Team Other Considerations: • Build Pipeline - ConcourseCI, Jenkins, etc • Registry - Quay.io or vmware/harbor • extra secure containers - Clear Linux and Kata Containers • Secret Management - Vault • k8s auth/acls - openpolicyagent
Deploying Kubernetes Without Scaring Away Your Security Team Thank you! Paul Czarkowski @pczarkowski Major Hayden @majorhayden

Recommended

The elements of kubernetes
The elements of kubernetesThe elements of kubernetes
The elements of kubernetesAaron Schlesinger
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Securityinovex GmbH
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes SecurityKarthik Gaekwad
 
Kubernetes security and you
Kubernetes security and youKubernetes security and you
Kubernetes security and youKarthik Gaekwad
 
Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor VolkovKuberton
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes securitySaiyam Pathak
 
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...Codemotion
 
CI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in KubernetesCI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in KubernetesSysdig
 

Recommended

The elements of kubernetes
The elements of kubernetesThe elements of kubernetes
The elements of kubernetesAaron Schlesinger
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Securityinovex GmbH
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes SecurityKarthik Gaekwad
 
Kubernetes security and you
Kubernetes security and youKubernetes security and you
Kubernetes security and youKarthik Gaekwad
 
Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor VolkovKuberton
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes securitySaiyam Pathak
 
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...Codemotion
 
CI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in KubernetesCI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in KubernetesSysdig
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deploymentMichael Cherny
 
Cloud Native User Group: Prometheus Day 2
Cloud Native User Group: Prometheus Day 2Cloud Native User Group: Prometheus Day 2
Cloud Native User Group: Prometheus Day 2smalltown
 
KubeCon EU 2016: Killing containers to make weather beautiful
KubeCon EU 2016: Killing containers to make weather beautifulKubeCon EU 2016: Killing containers to make weather beautiful
KubeCon EU 2016: Killing containers to make weather beautifulKubeAcademy
 
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin Kata Container - The Security of VM and The Speed of Container | Yuntong Jin
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin Vietnam Open Infrastructure User Group
 
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...Xiaohui Chen
 
The Sysdig Secure DevOps Platform
The Sysdig Secure DevOps PlatformThe Sysdig Secure DevOps Platform
The Sysdig Secure DevOps PlatformAshnikbiz
 
Cloud networking deep dive
Cloud networking deep diveCloud networking deep dive
Cloud networking deep diveamylynn11
 
Introduction to Kubernetes Security (Aqua & Weaveworks)
Introduction to Kubernetes Security (Aqua & Weaveworks)Introduction to Kubernetes Security (Aqua & Weaveworks)
Introduction to Kubernetes Security (Aqua & Weaveworks)Weaveworks
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101Kublr
 
Tupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBTupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBDocker, Inc.
 
How to Monitor Microservices
How to Monitor MicroservicesHow to Monitor Microservices
How to Monitor MicroservicesSysdig
 
All Things Open 2017: How to Treat a Network as a Container
All Things Open 2017: How to Treat a Network as a ContainerAll Things Open 2017: How to Treat a Network as a Container
All Things Open 2017: How to Treat a Network as a ContainerRosemary Wang
 
Proactive ops for container orchestration environments
Proactive ops for container orchestration environmentsProactive ops for container orchestration environments
Proactive ops for container orchestration environmentsDocker, Inc.
 
Mirantis v OpenStack Ansible Dawn of Production
Mirantis v OpenStack Ansible Dawn of ProductionMirantis v OpenStack Ansible Dawn of Production
Mirantis v OpenStack Ansible Dawn of ProductionTeK Charnsilp Chinprasert
 
KubeCon EU 2016: Multi-Tenant Kubernetes
KubeCon EU 2016: Multi-Tenant KubernetesKubeCon EU 2016: Multi-Tenant Kubernetes
KubeCon EU 2016: Multi-Tenant KubernetesKubeAcademy
 
CDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaCCDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaCsmalltown
 
Kubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxKubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxmacchiang
 
OpenStack with OpenDaylight
OpenStack with OpenDaylightOpenStack with OpenDaylight
OpenStack with OpenDaylightVikram G Hosakote
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Clustersmalltown
 
Baylisa - Dive Into OpenStack
Baylisa - Dive Into OpenStackBaylisa - Dive Into OpenStack
Baylisa - Dive Into OpenStackJesse Andrews
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldDevOps.com
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbain|u - The Open Security Community
 

More Related Content

What's hot

Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deploymentMichael Cherny
 
Cloud Native User Group: Prometheus Day 2
Cloud Native User Group: Prometheus Day 2Cloud Native User Group: Prometheus Day 2
Cloud Native User Group: Prometheus Day 2smalltown
 
KubeCon EU 2016: Killing containers to make weather beautiful
KubeCon EU 2016: Killing containers to make weather beautifulKubeCon EU 2016: Killing containers to make weather beautiful
KubeCon EU 2016: Killing containers to make weather beautifulKubeAcademy
 
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin Kata Container - The Security of VM and The Speed of Container | Yuntong Jin
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin Vietnam Open Infrastructure User Group
 
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...Xiaohui Chen
 
The Sysdig Secure DevOps Platform
The Sysdig Secure DevOps PlatformThe Sysdig Secure DevOps Platform
The Sysdig Secure DevOps PlatformAshnikbiz
 
Cloud networking deep dive
Cloud networking deep diveCloud networking deep dive
Cloud networking deep diveamylynn11
 
Introduction to Kubernetes Security (Aqua & Weaveworks)
Introduction to Kubernetes Security (Aqua & Weaveworks)Introduction to Kubernetes Security (Aqua & Weaveworks)
Introduction to Kubernetes Security (Aqua & Weaveworks)Weaveworks
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101Kublr
 
Tupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBTupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBDocker, Inc.
 
How to Monitor Microservices
How to Monitor MicroservicesHow to Monitor Microservices
How to Monitor MicroservicesSysdig
 
All Things Open 2017: How to Treat a Network as a Container
All Things Open 2017: How to Treat a Network as a ContainerAll Things Open 2017: How to Treat a Network as a Container
All Things Open 2017: How to Treat a Network as a ContainerRosemary Wang
 
Proactive ops for container orchestration environments
Proactive ops for container orchestration environmentsProactive ops for container orchestration environments
Proactive ops for container orchestration environmentsDocker, Inc.
 
Mirantis v OpenStack Ansible Dawn of Production
Mirantis v OpenStack Ansible Dawn of ProductionMirantis v OpenStack Ansible Dawn of Production
Mirantis v OpenStack Ansible Dawn of ProductionTeK Charnsilp Chinprasert
 
KubeCon EU 2016: Multi-Tenant Kubernetes
KubeCon EU 2016: Multi-Tenant KubernetesKubeCon EU 2016: Multi-Tenant Kubernetes
KubeCon EU 2016: Multi-Tenant KubernetesKubeAcademy
 
CDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaCCDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaCsmalltown
 
Kubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxKubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxmacchiang
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Clustersmalltown
 
Baylisa - Dive Into OpenStack
Baylisa - Dive Into OpenStackBaylisa - Dive Into OpenStack
Baylisa - Dive Into OpenStackJesse Andrews
 

What's hot (20)

Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deployment
 
Cloud Native User Group: Prometheus Day 2
Cloud Native User Group: Prometheus Day 2Cloud Native User Group: Prometheus Day 2
Cloud Native User Group: Prometheus Day 2
 
KubeCon EU 2016: Killing containers to make weather beautiful
KubeCon EU 2016: Killing containers to make weather beautifulKubeCon EU 2016: Killing containers to make weather beautiful
KubeCon EU 2016: Killing containers to make weather beautiful
 
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin Kata Container - The Security of VM and The Speed of Container | Yuntong Jin
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin
 
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
 
The Sysdig Secure DevOps Platform
The Sysdig Secure DevOps PlatformThe Sysdig Secure DevOps Platform
The Sysdig Secure DevOps Platform
 
Cloud networking deep dive
Cloud networking deep diveCloud networking deep dive
Cloud networking deep dive
 
Introduction to Kubernetes Security (Aqua & Weaveworks)
Introduction to Kubernetes Security (Aqua & Weaveworks)Introduction to Kubernetes Security (Aqua & Weaveworks)
Introduction to Kubernetes Security (Aqua & Weaveworks)
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
 
Tupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBTupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FB
 
How to Monitor Microservices
How to Monitor MicroservicesHow to Monitor Microservices
How to Monitor Microservices
 
All Things Open 2017: How to Treat a Network as a Container
All Things Open 2017: How to Treat a Network as a ContainerAll Things Open 2017: How to Treat a Network as a Container
All Things Open 2017: How to Treat a Network as a Container
 
Proactive ops for container orchestration environments
Proactive ops for container orchestration environmentsProactive ops for container orchestration environments
Proactive ops for container orchestration environments
 
Mirantis v OpenStack Ansible Dawn of Production
Mirantis v OpenStack Ansible Dawn of ProductionMirantis v OpenStack Ansible Dawn of Production
Mirantis v OpenStack Ansible Dawn of Production
 
KubeCon EU 2016: Multi-Tenant Kubernetes
KubeCon EU 2016: Multi-Tenant KubernetesKubeCon EU 2016: Multi-Tenant Kubernetes
KubeCon EU 2016: Multi-Tenant Kubernetes
 
CDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaCCDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaC
 
Kubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxKubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linux
 
OpenStack with OpenDaylight
OpenStack with OpenDaylightOpenStack with OpenDaylight
OpenStack with OpenDaylight
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
 
Baylisa - Dive Into OpenStack
Baylisa - Dive Into OpenStackBaylisa - Dive Into OpenStack
Baylisa - Dive Into OpenStack
 

Similar to Deploying Kubernetes without scaring off your security team - KubeCon 2017

The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldDevOps.com
 
Net Devops Overview
Net Devops OverviewNet Devops Overview
Net Devops OverviewJoel W. King
 
Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...
Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...
Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...Lean IT Consulting
 
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...PranavPatil822557
 
Lessons learned migrating 100+ services to Kubernetes
Lessons learned migrating 100+ services to KubernetesLessons learned migrating 100+ services to Kubernetes
Lessons learned migrating 100+ services to KubernetesJose Galarza
 
Modern Infrastructure from Scratch with Puppet
Modern Infrastructure from Scratch with PuppetModern Infrastructure from Scratch with Puppet
Modern Infrastructure from Scratch with PuppetPuppet
 
Toronto MuleSoft_Meetup_Run Time Fabric - Self Managed Kubernetes.pptx
Toronto MuleSoft_Meetup_Run Time Fabric - Self Managed Kubernetes.pptxToronto MuleSoft_Meetup_Run Time Fabric - Self Managed Kubernetes.pptx
Toronto MuleSoft_Meetup_Run Time Fabric - Self Managed Kubernetes.pptxAnurag Dwivedi
 
10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native SecurityKarthik Gaekwad
 
Code Factory avec GitLab CI et Rancher
Code Factory avec GitLab CI et RancherCode Factory avec GitLab CI et Rancher
Code Factory avec GitLab CI et RancherSUSE
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices Hendri Karisma
 
Smart Platform Infrastructure with AWS
Smart Platform Infrastructure with AWSSmart Platform Infrastructure with AWS
Smart Platform Infrastructure with AWSJames Huston
 
Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014Miguel Zuniga
 
DevOps Days Boston 2017: Developer first workflows for Kubernetes
DevOps Days Boston 2017: Developer first workflows for KubernetesDevOps Days Boston 2017: Developer first workflows for Kubernetes
DevOps Days Boston 2017: Developer first workflows for KubernetesAmbassador Labs
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container securityVolodymyr Shynkar
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azurekloia
 
Code Factory avec GitLab CI et Rancher
Code Factory avec GitLab CI et RancherCode Factory avec GitLab CI et Rancher
Code Factory avec GitLab CI et RancherSUSE
 
Fluo CICD OpenStack Summit
Fluo CICD OpenStack SummitFluo CICD OpenStack Summit
Fluo CICD OpenStack SummitMiguel Zuniga
 

Similar to Deploying Kubernetes without scaring off your security team - KubeCon 2017 (20)

The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote World
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
 
Net Devops Overview
Net Devops OverviewNet Devops Overview
Net Devops Overview
 
Container Security
Container SecurityContainer Security
Container Security
 
Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...
Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...
Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...
 
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
 
Lessons learned migrating 100+ services to Kubernetes
Lessons learned migrating 100+ services to KubernetesLessons learned migrating 100+ services to Kubernetes
Lessons learned migrating 100+ services to Kubernetes
 
Modern Infrastructure from Scratch with Puppet
Modern Infrastructure from Scratch with PuppetModern Infrastructure from Scratch with Puppet
Modern Infrastructure from Scratch with Puppet
 
Devops architecture
Devops architectureDevops architecture
Devops architecture
 
Toronto MuleSoft_Meetup_Run Time Fabric - Self Managed Kubernetes.pptx
Toronto MuleSoft_Meetup_Run Time Fabric - Self Managed Kubernetes.pptxToronto MuleSoft_Meetup_Run Time Fabric - Self Managed Kubernetes.pptx
Toronto MuleSoft_Meetup_Run Time Fabric - Self Managed Kubernetes.pptx
 
10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native Security
 
Code Factory avec GitLab CI et Rancher
Code Factory avec GitLab CI et RancherCode Factory avec GitLab CI et Rancher
Code Factory avec GitLab CI et Rancher
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
 
Smart Platform Infrastructure with AWS
Smart Platform Infrastructure with AWSSmart Platform Infrastructure with AWS
Smart Platform Infrastructure with AWS
 
Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014
 
DevOps Days Boston 2017: Developer first workflows for Kubernetes
DevOps Days Boston 2017: Developer first workflows for KubernetesDevOps Days Boston 2017: Developer first workflows for Kubernetes
DevOps Days Boston 2017: Developer first workflows for Kubernetes
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
 
Code Factory avec GitLab CI et Rancher
Code Factory avec GitLab CI et RancherCode Factory avec GitLab CI et Rancher
Code Factory avec GitLab CI et Rancher
 
Fluo CICD OpenStack Summit
Fluo CICD OpenStack SummitFluo CICD OpenStack Summit
Fluo CICD OpenStack Summit
 

More from Major Hayden

Continuous Kernel Integration
Continuous Kernel IntegrationContinuous Kernel Integration
Continuous Kernel IntegrationMajor Hayden
 
I was too burned out to name this talk
I was too burned out to name this talkI was too burned out to name this talk
I was too burned out to name this talkMajor Hayden
 
Cookies for kernel developers
Cookies for kernel developersCookies for kernel developers
Cookies for kernel developersMajor Hayden
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleMajor Hayden
 
Grow your community: Inspire an Impostor
Grow your community: Inspire an ImpostorGrow your community: Inspire an Impostor
Grow your community: Inspire an ImpostorMajor Hayden
 
Holistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsHolistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsMajor Hayden
 
When flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and AnsibleWhen flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and AnsibleMajor Hayden
 
Flexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-AnsibleFlexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-AnsibleMajor Hayden
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleMajor Hayden
 
Taming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San AntonioTaming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San AntonioMajor Hayden
 
OpenStack-Ansible Security
OpenStack-Ansible SecurityOpenStack-Ansible Security
OpenStack-Ansible SecurityMajor Hayden
 
Taming the Technical Talk
Taming the Technical TalkTaming the Technical Talk
Taming the Technical TalkMajor Hayden
 
The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015Major Hayden
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information securityMajor Hayden
 
Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)Major Hayden
 
Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)Major Hayden
 
The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesMajor Hayden
 
Cloud Data Security
Cloud Data SecurityCloud Data Security
Cloud Data SecurityMajor Hayden
 
ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24Major Hayden
 

More from Major Hayden (19)

Continuous Kernel Integration
Continuous Kernel IntegrationContinuous Kernel Integration
Continuous Kernel Integration
 
I was too burned out to name this talk
I was too burned out to name this talkI was too burned out to name this talk
I was too burned out to name this talk
 
Cookies for kernel developers
Cookies for kernel developersCookies for kernel developers
Cookies for kernel developers
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with Ansible
 
Grow your community: Inspire an Impostor
Grow your community: Inspire an ImpostorGrow your community: Inspire an Impostor
Grow your community: Inspire an Impostor
 
Holistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsHolistic Security for OpenStack Clouds
Holistic Security for OpenStack Clouds
 
When flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and AnsibleWhen flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and Ansible
 
Flexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-AnsibleFlexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-Ansible
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-Ansible
 
Taming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San AntonioTaming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San Antonio
 
OpenStack-Ansible Security
OpenStack-Ansible SecurityOpenStack-Ansible Security
OpenStack-Ansible Security
 
Taming the Technical Talk
Taming the Technical TalkTaming the Technical Talk
Taming the Technical Talk
 
The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
 
Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)
 
Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)
 
The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilities
 
Cloud Data Security
Cloud Data SecurityCloud Data Security
Cloud Data Security
 
ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24
 

Recently uploaded

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Deploying Kubernetes without scaring off your security team - KubeCon 2017