Authors: Rita Zhang, Tim Allclair, Mo Khan
2022-10-28

tldr - powered by Generative AI

The presentation discusses the major enhancements the SIG is working on for authentication and authorization, including Pod Security, KMS encryption, structured configuration, reduction of legacy service account token attack surface area, and certificate signing request duration control. It also explains how to set up authentication and credentials for paths, and the different levels of specificity for credentials.
  • Major enhancements for authentication and authorization
  • Pod Security
  • KMS encryption
  • Structured configuration
  • Reduction of legacy service account token attack surface area
  • Certificate signing request duration control
  • How to set up authentication and credentials for paths
  • Different levels of specificity for credentials

Authors: Mike Danese, Margo Crawford
2022-05-19

tldr - powered by Generative AI

The presentation discusses authentication and authorization in the context of a test server, covering how to indicate a path that requires authentication, setting up credentials at different levels of specificity, and the hierarchy of authentication attempts.
  • Authentication can be indicated on a path by locking a padlock icon
  • Credentials can be set at different levels of specificity, including the global organizational level, the warehouse server level, the client level, and the path level
  • The program will attempt to authenticate using the most specific credentials first, following a hierarchy from path to client to warehouse to global
  • An anecdote is provided where the presenter intentionally sets incorrect credentials at the path level to demonstrate the hierarchy of authentication attempts

Authors: Lachie Evenson
2022-05-18

tldr - powered by Generative AI

The presentation discusses the importance of pod security in Kubernetes clusters and how it can be used to improve the security of workloads. It also covers the migration from pod security policy to pod security.
  • Pod security is a built-in admission controller in Kubernetes that evaluates pod specifications against a predefined set of pod security standards.
  • It provides policy standards to restrict pod privileges, reducing the surface area of attacks and making the cluster more secure.
  • Pod security is simple and easy to use, with pre-defined standards that align with Kubernetes security best practices.
  • Pod security policy, which is being deprecated, can be migrated to pod security using a well-defined process.
  • Pod security does not support mutation, which is the ability to change Kubernetes resources server-side.

Authors: Tim Allclair, Tabitha Sable
2021-10-15

tldr - powered by Generative AI

Lessons learned from developing Pod Security Admission in Kubernetes
  • Big decisions have a life cycle and require a shared understanding of the problem and potential solutions
  • Technical decisions involve feelings and exploring big questions together in a more informal setting can help build consensus
  • Pod Security Admission was developed based on end user experiences and with consideration for other options available
  • Collaboration and coordination between SIG Security and SIG Auth led to a prototype that combined the strengths of two competing proposals
  • There is room for improvement in the documentation and migration from PSP