What We Discuss with Mark Manning:
- What is Kubernetes & Kubernetes Security for you?
- What are the common components of Kubernetes for Risk Analysis?
- Where does one start as a newbie with Kubernetes Risk Analysis?
- What is an example of a good Kubernetes Architecture?
- What’s an anti-pattern of Kubernetes deployment?
- What are the low hanging fruits outside of Auth/AuthZ for Kubernetes Risk Analysis?
- How do you get inventory of all the elements in a cluster?
- How do you analyze a cluster's RBAC, and how can we ensure the cluster admins are implementing it properly and securely?
- Is there any tool other than kubectl that can detect these risky security configurations?
- Thoughts on Kubernetes CIS Benchmark?
- Security for containers at runtime?
- Is sidecar monitoring the only way to monitor the runtime of Docker containers?
- Thoughts on Pod Security Policy?
- How do you do Risk Analysis for Kubernetes with 1 Cluster per Business Unit?
- Given a choice would you go CSP Managed or bare metal deployment of Kubernetes?
- Is GKE more forward thinking for security than AWS EKS?
- Isn’t Rancher used to manage the Kubernetes cluster?
- What Risk Analysis method do you use and how to influence the culture in developers?
- Drift Detection in Kubernetes Cluster?
- Why would one pick Kubernetes if there is drift in cluster post deployments?
- Kubernetes is being used for infra orchestration in the cloud, like what they’re trying to do with Crossplane. What are your security concerns when that happens?
- And much more…
THANKS, Mark Manning!
If you enjoyed this session with Mark Manning, let him know by clicking on the link below and sending him a quick shout-out on Twitter:
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at email@example.com.
Resources from This Episode:
- CNCF Landscape Image
- Kubernetes Harbour
- NCC Group Blog – Mark Manning
- Rory McCune – Github
- Rory McCune – Blogs
- Kubernetes CIS
- Kubernetes CIS GKE
- Calico with eBPF mode
- Kubernetes OPA
- Kubernetes Admission Control
- Pod Security Policy
- Borg Processor
- Azure AKS
- Google Cloud GKE
- Rancher K3s
- Magoo Risk Assessment
- Engineering Trustworthy System
- Install Kubernetes on Raspberry Pi
- Kubernetes Docker – Kind
- Mark Manning – BSides Rochester Talk
- Tools & services, discussed during the Interview