What We Discuss with Mark Manning:
- What is Kubernetes & Kubernetes Security for you?
- What are the common components of Kubernetes for Risk Analysis?
- Where does one start as a newbie with Kubernetes Risk Analysis?
- What is an example of a good Kubernetes Architecture?
- What’s an anti-pattern of Kubernetes deployment?
- What are the low hanging fruits outside of Auth/AuthZ for Kubernetes Risk Analysis?
- How do you get inventory of all the elements in a cluster?
- How do you analyze a cluster's RBAC, and how can we ensure the cluster admins are implementing it properly and securely?
- Is there any tool other than kubectl that can detect these risky security configurations?
- Thoughts on Kubernetes CIS Benchmark?
- Security for containers at runtime?
- Is sidecar monitoring the only way to monitor the runtime of Docker containers?
- Thoughts on Pod Security Policy?
- How do you do Risk Analysis for Kubernetes with 1 Cluster per Business Unit?
- Given a choice, would you go CSP Managed or bare metal deployment of Kubernetes?
- Is GKE more forward thinking for security than AWS EKS?
- Isn’t Rancher used to manage the Kubernetes cluster?
- What Risk Analysis method do you use and how to influence the culture in developers?
- Drift Detection in Kubernetes Cluster?
- Why would one pick Kubernetes if there is drift in cluster post deployments?
- Kubernetes being used for infra orchestration in the cloud, like what they’re trying to do with Crossplane: what are your security concerns when that happens?
- And much more…
THANKS, Mark Manning!
If you enjoyed this session with Mark Manning, let him know by clicking on the link below and sending him a quick shout out on Twitter:
Click here to thank Mark Manning on Twitter!
Click here to let Ashish know about your number one takeaway from this episode!
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at ashish@kaizenteq.com.
Resources from This Episode:
- CNCF Landscape Image
- Kubernetes Harbor
- NCC Group Blog – Mark Manning
- Rory McCune – Github
- Rory McCune – Blogs
- Kubernetes CIS
- Kubernetes CIS GKE
- Calico with eBPF mode
- Kubernetes OPA
- Kubernetes Admission Control
- Pod Security Policy
- Borg Processor
- Azure AKS
- Google Cloud GKE
- Rancher K3s
- Magoo Risk Assessment
- Engineering Trustworthy Systems
- Install Kubernetes on Raspberry Pi
- Kubernetes Docker – Kind
- Mark Manning – BSides Rochester Talk
- Tools & services, discussed during the Interview