
Slides and Demos for "Secure Development on Kubernetes" talk


Secure Development on Kubernetes

This repository contains all the associated code labs for the deep dive session on Secure Development on Kubernetes.

Table of Contents

  • Requirements and Setup
    • Setup Google GKE
  • K8s Authorization (RBAC)
  • Helpful tools for K8s Security
  • Labs
    • Iteration 1: Application Security
    • Iteration 2: Container Security
    • Iteration 3: Kubernetes Security

Requirements and Setup

Please check the Requirements and Setup section before looking into the Labs.

Helpful Tools for K8s Security

For helpful tools see here.

Kubernetes Authorization with RBAC

For an introduction to Kubernetes RBAC see here.

Labs

Please follow the corresponding tutorial for the labs.

Introduction

  • Linux & Container Basics

Iteration 1: Application Security

  • Hello Spring Boot

Iteration 2: Container Security

  • Root Container
  • Rootless Container
  • Rootless Container with JIB
  • Rootless Container with Paketo

Iteration 3: Kubernetes Security

  • Initial Unsafe Kubernetes Deployment
  • Safe Kubernetes Deployment (Pod Security Context)
  • Safe Kubernetes Deployment (Pod Security Admission)
  • Safe Kubernetes Deployment (Open Policy Agent)

Feedback

Any feedback on this hands-on workshop is highly appreciated.

Please either email andreas.falk(at)novatec-gmbh.de or contact me via Twitter (@andifalk).

License

Apache 2.0 licensed