Simplifying Kubernetes Pod Security Policies: Effective Containers Security

Presented by

Ariel Shuper, VP Product

About this talk

An innovative approach to Kubernetes security

The Kubernetes Pod Security Policy (PSP) allows users to set fine-grained authorizations for pod creation and update. A Pod Security Policy defines a set of conditions (a.k.a. the security context) that pods must meet to be accepted by the cluster; when a request to create or update a pod does not meet the conditions in the Pod Security Policy, the request is rejected and an error is returned. Despite the huge benefits PSP provides to Kubernetes users, its adoption is relatively low, and even PSP adopters select a minimal security context for their pods. Some of the reasons for this anomaly are the complex settings (the RBAC mechanism) and the lack of granular implementations (at the ServiceAccount level).

In this webinar we explore the benefits and challenges of setting up PSP authorization rules. We will also cover innovative methods Portshift uses to apply PSP without the complex RBAC settings and with fine-grained, granular implementation.

Key discussion points:

1. What are Pod Security Profiles
2. The attack vectors eliminated by PSP
3. Recommended PSP profiles (strict and flexible profile)
4. Granular PSP implementations

Ariel Shuper is VP Product @Portshift, specializing in cloud-native security for microservices. Ariel was the head of the serverless security offering at Aqua Security and, prior to that, spent 5 years in various roles at Check Point Technologies, focusing on security posture and network security in public clouds. Ariel has been a presenter at events such as Microsoft Tech Summit, Build, KubeCon/CloudNativeCon, and various serverless events.
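As an added illustration of the "strict profile" and the RBAC plumbing the abstract calls complex (this is example configuration, not material from the webinar or Portshift's product), the following manifests define a restrictive PodSecurityPolicy and scope it to a single ServiceAccount; the namespace and ServiceAccount names are assumptions.

```yaml
# Added example: a strict PSP plus the ClusterRole/RoleBinding that scope it to
# one ServiceAccount. Policy, namespace and account names are assumed.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: strict-psp
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities: ["ALL"]
  hostNetwork: false
  hostPID: false
  hostIPC: false
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  fsGroup:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  volumes: ["configMap", "emptyDir", "projected", "secret", "downwardAPI", "persistentVolumeClaim"]
---
# A PSP is only applied to pods whose creator is allowed to "use" it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: strict-psp-user
rules:
- apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  resourceNames: ["strict-psp"]
  verbs: ["use"]
---
# Binding to one ServiceAccount in one namespace gives the per-ServiceAccount granularity.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: strict-psp-payments-api
  namespace: payments
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: strict-psp-user
subjects:
- kind: ServiceAccount
  name: payments-api
  namespace: payments
```

With the PodSecurityPolicy admission controller enabled, a pod created under the `payments-api` ServiceAccount that requests `privileged: true` or runs as root is rejected at admission, which is the enforcement behaviour the abstract describes. PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25; the same controls are now expressed through Pod Security Admission, but the `use` verb binding above is what made PSP scoping per ServiceAccount possible.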
Portshift is a Kubernetes-native security leader leveraging the power of Kubernetes and Service-Mesh to deliver a single source of truth for containers and cloud-native applications protection. Portshift is the only solution offering an agentless approach, with a single Kubernetes admission controller for seamless integration.