Authors: Laurent Bernaille, Marcel Zięba
2023-04-20

tldr - powered by Generative AI

The talk covers the challenges of running large Kubernetes clusters and the practices that help, in particular consuming informers instead of issuing repeated list calls against the API server.
  • Running large Kubernetes clusters remains challenging despite the improvements made by the community
  • Defaults are not always enough; best practices need to be applied on top of them
  • Avoid list calls against the API server and use informers instead to reduce load and improve performance
  • Keep memory and CPU headroom on the control plane so that bad events can be absorbed rather than cascading
  • Streaming lists, introduced in Kubernetes 1.27, can reduce memory usage when serving large lists
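Why "avoid list calls and use informers" matters, as an added example that is not part of the talk: a Python simulation of the list-then-watch (reflector) pattern that informers implement. The FakeAPIServer, the pod workload and the call signatures are constructed for the simulation (real clients use client-go informers or the kubernetes Python client's watch API); it counts how many objects each approach makes the server serialise and also shows the one case where an informer must fall back to a full list, namely a watch that has fallen behind the server's retained history (the 410 Gone response).

```python
"""Added example (not code from the talk): a self-contained simulation of the
list-then-watch (reflector) pattern behind Kubernetes informers. FakeAPIServer
is a constructed stand-in for kube-apiserver, so its numbers are illustrative;
real clients use client-go informers or the kubernetes Python client's watch API."""


class FakeAPIServer:
    """Constructed stand-in: current objects plus a bounded watch history."""

    def __init__(self, history_limit=5):
        self.rv = 0                     # global resourceVersion counter
        self.objects = {}               # name -> body
        self.events = []                # (kind, name, rv, body); old ones are compacted away
        self.history_limit = history_limit
        self.list_calls = self.objects_sent = 0   # list calls served, objects serialised

    def mutate(self, kind, name, body=None):
        self.rv += 1
        if kind == "DELETED":
            self.objects.pop(name, None)
        else:
            self.objects[name] = body
        self.events.append((kind, name, self.rv, body))
        self.events = self.events[-self.history_limit:]

    def list(self):
        # A full list re-serialises every object, however little has changed.
        self.list_calls += 1
        self.objects_sent += len(self.objects)
        return dict(self.objects), self.rv

    def watch(self, since_rv):
        # Replay only events newer than since_rv; 410 Gone if they were compacted away.
        oldest = self.events[0][2] if self.events else self.rv + 1
        if since_rv < oldest - 1:
            raise LookupError("410 Gone: resourceVersion too old")
        delta = [e for e in self.events if e[2] > since_rv]
        self.objects_sent += len(delta)
        return delta


class Reflector:
    """List once into a local cache, then watch; relist only after a 410."""

    def __init__(self, server):
        self.server, self.cache, self.last_rv, self.relists = server, {}, 0, 0

    def start(self):
        self.cache, self.last_rv = self.server.list()

    def sync(self):
        try:
            events = self.server.watch(self.last_rv)
        except LookupError:             # watch window expired: fall back to a full relist
            self.relists += 1
            self.start()
            return
        for kind, name, rv, body in events:
            if kind == "DELETED":
                self.cache.pop(name, None)
            else:
                self.cache[name] = body
            self.last_rv = rv


def workload(pods):
    srv = FakeAPIServer()
    for n in range(pods):
        srv.mutate("ADDED", f"pod-{n}", {"phase": "Running"})
    return srv


def compare(rounds=50, pods=200):
    """Return {"poller": (list_calls, objects_sent), "informer": (...)} for equal churn."""
    poller_srv, informer_srv = workload(pods), workload(pods)
    reflector = Reflector(informer_srv)
    reflector.start()
    snapshot = {}
    for i in range(rounds):             # one pod changes per round on both servers
        change = ("MODIFIED", f"pod-{i % pods}", {"phase": "Running", "restarts": i})
        poller_srv.mutate(*change)
        snapshot, _ = poller_srv.list()  # the anti-pattern: a full list every iteration
        informer_srv.mutate(*change)
        reflector.sync()
    assert snapshot == poller_srv.objects and reflector.cache == informer_srv.objects
    return {"poller": (poller_srv.list_calls, poller_srv.objects_sent),
            "informer": (informer_srv.list_calls, informer_srv.objects_sent)}


def relist_after_gap(gap=10):
    """An informer that misses more events than the server keeps gets a 410 and relists."""
    srv = FakeAPIServer(history_limit=5)
    srv.mutate("ADDED", "pod-0", {"phase": "Pending"})
    reflector = Reflector(srv)
    reflector.start()
    for i in range(gap):                # changes pile up while the watch is disconnected
        srv.mutate("MODIFIED", "pod-0", {"phase": "Running", "restarts": i})
    reflector.sync()
    return reflector.relists, reflector.cache == srv.objects
```

Calling `compare()` with the defaults returns 50 list calls and 10,000 serialised objects for the poller against 1 list call and 250 objects for the informer, even though both end with the same view of the cluster; `relist_after_gap()` shows the informer recovering from a stale watch with exactly one relist. The control-plane headroom point in the talk is the flip side of that last case: when many informers hit 410 at once (after an API server restart, for instance), they all relist at the same moment.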
Authors: Ariel Shuper
2022-06-22

tldr - powered by Generative AI

The need for a Kubernetes risk-assessment framework that goes deeper than the current CIS benchmarks
  • The common Kubernetes risk-assessment framework today is based on the CIS Benchmarks for Kubernetes
  • That framework only covers security misconfigurations; it goes no deeper than the security configuration of the individual components
  • Real attacks can start from multiple elements and extend well beyond security misconfigurations
  • An additional risk-assessment framework is needed that goes deeper than Kubernetes configuration and verifies that the other attack methods, steps and stages are covered
  • MITRE has crafted an ATT&CK matrix for containers/Kubernetes, consisting of the tactics and techniques used in real attacks
Authors: Kevin Ward
2022-05-19

tldr - powered by Generative AI

The talk discusses the importance of securing Kubernetes operators and suggests a pipeline with a static analyzer to catch risky operator configurations before they are deployed.
  • Operators are automated runbooks, and they pose a security risk if they are not properly secured
  • Bad Robot is a tool that scans operator manifests for security issues
  • Developers should be explicit about the permissions an operator holds and the resources it can access
  • Restricting an operator to specific namespaces and resources limits the damage if the operator is compromised
  • A pipeline with a static analyzer can detect these issues in operator manifests before they reach a cluster
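As an added example, not Bad Robot's code or anything from the talk: a small static check of the kind a pipeline could run over an operator's RBAC manifests to enforce the last three points above. The two manifest sets (a wildcard ClusterRole, and the same operator scoped to its own namespace and resources) are constructed for the example and embedded as the dicts `yaml.safe_load` would produce; which permissions count as sensitive is this example's own assumption.

```python
"""Added example (not Bad Robot's code or the talk's): a static check for
over-permissive operator RBAC, the kind of gate a pipeline can run on manifests
before they are deployed. The manifests are constructed and embedded as dicts,
the shape yaml.safe_load produces, so the check runs without PyYAML."""

RBAC_GROUP = "rbac.authorization.k8s.io"
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}
ESCALATION_VERBS = {"bind", "escalate", "impersonate"}

# Constructed: the quick-and-dirty ClusterRole many operators ship with.
OVERPERMISSIVE = [
    {"apiVersion": f"{RBAC_GROUP}/v1", "kind": "ClusterRole",
     "metadata": {"name": "widget-operator"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"apiVersion": f"{RBAC_GROUP}/v1", "kind": "ClusterRoleBinding",
     "metadata": {"name": "widget-operator"},
     "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": "widget-operator"},
     "subjects": [{"kind": "ServiceAccount", "name": "widget-operator", "namespace": "widgets"}]},
]

# Constructed: the same operator limited to its namespace and the resources it manages.
SCOPED = [
    {"apiVersion": f"{RBAC_GROUP}/v1", "kind": "Role",
     "metadata": {"name": "widget-operator", "namespace": "widgets"},
     "rules": [
         {"apiGroups": ["example.com"], "resources": ["widgets", "widgets/status"],
          "verbs": ["get", "list", "watch", "update", "patch"]},
         {"apiGroups": ["apps"], "resources": ["deployments"],
          "verbs": ["get", "list", "watch", "create", "update", "patch", "delete"]},
         {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list", "watch"]},
     ]},
    {"apiVersion": f"{RBAC_GROUP}/v1", "kind": "RoleBinding",
     "metadata": {"name": "widget-operator", "namespace": "widgets"},
     "roleRef": {"apiGroup": RBAC_GROUP, "kind": "Role", "name": "widget-operator"},
     "subjects": [{"kind": "ServiceAccount", "name": "widget-operator", "namespace": "widgets"}]},
]


def sensitive(group, resource, verbs):
    """Permissions that let a compromised operator pivot beyond its own objects (assumed list)."""
    if (group, resource) == ("", "secrets"):
        return True                                   # reading secrets is enough to move laterally
    if group == "" and resource in ("pods", "pods/exec"):
        return bool(verbs & WRITE_VERBS)              # exec into, or create, arbitrary pods
    if group == RBAC_GROUP:
        return bool(verbs & WRITE_VERBS)              # granting itself more rights
    return False


def audit_rules(kind, name, rules):
    findings = []
    for rule in rules:
        groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
        verbs = set(rule.get("verbs", []))
        if "*" in groups or "*" in resources or "*" in verbs:
            findings.append(("high", f"{kind}/{name}: wildcard rule {groups} {resources} {sorted(verbs)}"))
        if verbs & ESCALATION_VERBS:
            findings.append(("high", f"{kind}/{name}: escalation verb {sorted(verbs & ESCALATION_VERBS)}"))
        for g in groups:
            for r in resources:
                if sensitive(g, r, verbs):
                    findings.append(("high", f"{kind}/{name}: {sorted(verbs)} on {g or 'core'}/{r}"))
    return findings


def audit_manifests(docs):
    """Return (severity, message) findings; an empty list means the manifests pass."""
    findings = []
    for doc in docs:
        kind, name = doc["kind"], doc["metadata"]["name"]
        if kind in ("Role", "ClusterRole"):
            findings += audit_rules(kind, name, doc.get("rules", []))
        elif kind == "ClusterRoleBinding":
            # Not always wrong (cluster-scoped CRDs need it), but it deserves a reviewer's eye.
            findings.append(("review", f"{kind}/{name}: binds {doc['roleRef']['name']} cluster-wide; "
                             "prefer a namespaced RoleBinding"))
    return findings


def gate(docs):
    """Pipeline gate: fail the build on any high-severity finding."""
    return all(severity != "high" for severity, _ in audit_manifests(docs))


if __name__ == "__main__":
    for label, docs in (("overpermissive", OVERPERMISSIVE), ("scoped", SCOPED)):
        print(label, "PASS" if gate(docs) else "FAIL")
        for severity, message in audit_manifests(docs):
            print(f"  [{severity}] {message}")
```

Run as-is it fails the wildcard manifests and passes the scoped ones. In a real pipeline the documents would come from `yaml.safe_load_all` over the operator's bundle, and the sensitive-resource list would be tuned to what the operator legitimately needs; the point is that the check is explicit about namespaces, resources and verbs rather than trusting whatever the manifest happens to request.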