Beyond Kubernetes Security

2021-10-15

Authors:   V Körbes, Tabitha Sable


Summary

The presentation discusses how to set the user and group for a running container using the pod security context in Kubernetes, and how doing so can improve security practices.
  • The default user for a container is root, which can be a security risk
  • The security context in Kubernetes can be used to set the user and group for a container
  • The fsGroup option can be used to set a supplementary group for files within a shared volume
  • Changing the user and group for a container can improve security practices
The presenter demonstrates how to modify a deployment manifest to set the user and group for a container, and how this affects file ownership and permissions within the container and the shared volume.
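
The kind of manifest change described above, as an added example that is not taken from the talk: a Deployment whose pod security context sets the user, group and fsGroup, with two containers sharing a volume. The resource names, image tag and numeric IDs are assumptions chosen for illustration.

```yaml
# Added example; names, image and numeric IDs are assumptions, not from the talk.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: securitycontext-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: securitycontext-demo
  template:
    metadata:
      labels:
        app: securitycontext-demo
    spec:
      # Pod-level security context: applies to every container in the pod
      # unless a container overrides a field itself.
      securityContext:
        runAsUser: 1000     # processes no longer start as root (UID 0)
        runAsGroup: 3000    # primary GID of those processes
        fsGroup: 2000       # supplementary GID; also applied to the volume,
                            # so files created in it are owned by GID 2000
      volumes:
        - name: shared
          emptyDir: {}
      containers:
        - name: writer
          image: busybox:1.36
          # Prints the effective identity, then creates a file in the volume.
          command: ["sh", "-c", "id; touch /data/from-writer; ls -ln /data; sleep 3600"]
          volumeMounts:
            - name: shared
              mountPath: /data
        - name: reader
          image: busybox:1.36
          # Different UID, same fsGroup: access to the shared files comes
          # from the supplementary group, not from running as root.
          command: ["sh", "-c", "sleep 5; id; ls -ln /data; sleep 3600"]
          securityContext:
            runAsUser: 1001                  # container-level override
            allowPrivilegeEscalation: false  # block setuid-style escalation
          volumeMounts:
            - name: shared
              mountPath: /data
```

After applying the manifest, the logs of each container show the numeric user and group of the process and the ownership of the files in the shared volume.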

Abstract

Kubernetes is "the universal control plane," a "platform to build platforms," and its utility is more than just improved deployment and scaling. Your Kubernetes environment can support you as you level-up your security practices. In this blockbuster action thriller, Tabitha and Ellen will hack and defend Kubernetes for your education and amusement, including both commonplace and advanced attacks. They'll show ways Kubernetes can help you level-up your response to today’s challenges, including software supply chain issues. You'll leave inspired and ready to think beyond Kubernetes security.

Materials: