Ariel Shuper, VP Product Portshift.io
An Innovative approach to Kubernetes Security
The Kubernetes Pod Security Policy (PSP) allows users to set fine-grained authorizations for pod creation and update. A Pod Security Policy defines a set of conditions (a.k.a. security context) that pods must meet to be accepted by the cluster; when a request to create or update a pod does not meet the conditions in the Pod Security Policy, that request is rejected and an error is returned.
Despite the huge benefits PSP provides Kubernetes users, its adoption is relatively low, and even PSP adopters select a minimal security context for their pods. Some of the reasons for this anomaly are the complex settings (RBAC mechanism) and the lack of granular implementations (ServiceAccount level).
In this webinar we explore the benefits and challenges of setting up PSP authorization rules. We will also cover innovative methods Portshift uses to apply PSP without the complex RBAC settings and with fine-grained implementation.
Key Discussion Points:
1. What are Pod Security Profiles
2. The attack vectors eliminated by PSP
3. Recommended PSP profiles (strict and flexible profile)
4. Granular PSP implementations
Ariel Shuper is VP Product at Portshift, specializing in cloud-native security for microservices. Ariel was the head of the serverless security offering at Aqua Security, and prior to that he spent 5 years in various roles at Check-Point Technologies, focusing on security posture and network security in public clouds. Ariel has been a presenter at events such as Microsoft Tech Summit, Build, KubeCon/CloudNativeCon, and various serverless events.