A presentation at 12 Clouds of Christmas in December 2018 in Austin, TX, USA by Karthik Gaekwad
K8s Security Tools Karthik Gaekwad @iteration1 The Dog Days of Devops, August 2018
Karthik Gaekwad @iteration1
Used to be a dev.
Cloud Native Evangelist, Oracle Cloud Infrastructure
My worlds are colliding…
Reading K8s hardening docs.
Here’s what I have
3 tools you should know
“The Kubernetes Bench for Security is a Go application that checks whether Kubernetes is deployed according to security best practices.”
Defined by the CIS Benchmarks Docs: https://www.cisecurity.org/cis-benchmarks/
Run it against your Kubernetes Master, or Kubernetes node.
https://kubesec.io/ from controlplane
Helps you quantify risk for K8s resources.
Run against your K8s applications (deployments, pods, daemonsets, etc.)
Can be used standalone, or as a kubectl plugin (https://github.com/stefanprodan/kubectl-kubesec)
kubeAudit: open-sourced by Shopify.
Helps with auditing your applications in your K8s cluster.
A little more targeted than kubesec.
Check the resources from this talk by Michael Hausenblas: https://speakerdeck.com/mhausenblas/kubernetes-security-from-image-hygiene-to-networkpolicies
More cool tools? Tweet me @iteration1
A lightning talk I gave at CloudAustin in 2018 on Kubernetes security covering kube-bench, kubesec, and kubeAudit