
Securing Access to Kubernetes Infrastructure with Kubernetes Zero Trust Principles

2022-10-24

Authors: Mohan Atreya


Summary

The presentation covers the challenge of managing Kubernetes RBAC and cluster access at scale and introduces Periscope, an open-source project that automates the process.
  • Organizations with hundreds of clusters and developers struggle to manage RBAC and access control consistently.
  • Maintaining Roles and RoleBindings by hand does not scale; automation is needed to ensure the right people have access to the right resources, and nothing more.
  • Periscope is an open-source project that automates RBAC management and access control in Kubernetes.
  • Periscope allows secure access to clusters behind a firewall and injects the required RBAC bindings just in time, rather than leaving standing privileges in place.
  • Periscope enforces strong authentication for all user access and supports governance and compliance by recording the commands run against each cluster.
The speaker notes that organizations often fall back on VPNs or complex bastion-host setups to control access to clusters, which frustrate developers and are costly to operate. Periscope addresses this by automating RBAC management and access control in Kubernetes, giving teams secure and efficient access to clusters.
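As an added example, not part of the talk and not Periscope's own manifests, the fragments below contrast the shortcut organizations often take when RBAC is managed by hand across many clusters (binding a whole developer group to cluster-admin) with a namespaced least-privilege Role and the short-lived RoleBinding a just-in-time system would create for one user. The group name, namespace, user identity and annotation keys are assumptions chosen for illustration.

```yaml
# Weak setting: every member of the "developers" group gets cluster-admin on
# every cluster this is applied to. Easy to roll out to hundreds of clusters,
# impossible to audit meaningfully. Shown only for contrast.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: developers-cluster-admin
subjects:
  - kind: Group
    name: developers                  # assumed group name from the identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
# Corrected: a Role scoped to one namespace that grants only what a developer
# needs to troubleshoot a workload (read pods and their logs, exec into them,
# read deployments). No write access to workloads, secrets or cluster scope.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: team-payments            # assumed namespace
  name: workload-troubleshooter
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch"]
---
# The binding is the object a just-in-time system creates for a single user
# when access is approved and deletes when the window closes. Kubernetes RBAC
# has no built-in expiry, so the annotations below are assumed keys that the
# external automation reads to know when to revoke and which approval the
# grant is tied to.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: team-payments
  name: jit-alice-workload-troubleshooter
  annotations:
    example.org/expires-at: "2022-10-24T18:00:00Z"   # assumed annotation key
    example.org/ticket: "CHG-1234"                    # assumed annotation key
subjects:
  - kind: User
    name: alice@example.org           # assumed user identity asserted by the IdP
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: workload-troubleshooter
  apiGroup: rbac.authorization.k8s.io
```

After applying the second and third fragments, the grant can be checked from an administrator's context with `kubectl auth can-i list pods --namespace team-payments --as alice@example.org` (expected: yes) and `kubectl auth can-i delete deployments --namespace team-payments --as alice@example.org` (expected: no). Because the API server will honor the RoleBinding indefinitely, the expiry annotation is only meaningful if something outside the cluster deletes the binding on schedule; that revocation step, along with the audit record of what the user actually ran during the window, is the part that manual RBAC management leaves undone and that the talk argues must be automated.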

Abstract

As a Kubernetes footprint expands across many development and production clusters, spread over on-premises data centers, multiple public cloud providers, and edge locations, it shouldn't be a surprise that the added complexity brings challenges. When it comes to ensuring Kubernetes security and controlling access to clusters, limited standards and shared practices are creating a "wild west" scenario. Many organizations have multiple clusters in multiple locations, often running different distributions with different management interfaces, and teams of developers, operators, contractors, and partners who need varying levels of access. If your team is deploying Kubernetes in production, you have to do everything possible to ensure access security. In this presentation, we'll review how to apply Kubernetes zero trust principles to enable controlled, audited access to Kubernetes infrastructure for developers, SREs and automation systems.

Materials: