Running Kubernetes without root privileges (30min) Akihiro Suda (@_AkihiroSuda_), NTT
Container Runtime Security with Falco (30min) Michael Ducy, sysdig
Security monitoring tool
https://falco.org/
https://github.com/falcosecurity/falco
Secure your K8s cluster from multi-layer (30min) JIANTANG HAO, Yahoo Japan
Enable RBAC
Enable TLS
Encrypting Secret data
Enable audit log
Admission Controllers
Validating, Mutating or Both
ValidatingWebhookConfiguration resource
k8s workload layer
Run container as a non-root user
Run a Cluster-wide Pod Security policy
Create and Define Cluster network policy
Use namespace for isolation
Controlling which nodes pods may access
Controlling the capabilities by setting Resource Quota
Security Context
PodSecurityPolicy -> Binding Role or ClusterRole.
KataContainers
https://kubesec.io/
LT 1: About RuntimeClass, implemented since Kubernetes 1.12 @makocchi
https://speakerdeck.com/makocchi/what-is-kubernetes-runtimeclass
https://kubernetes.io/docs/concepts/containers/runtime-class/
LT 2: What a Kubernetes beginner did to understand how Kubernetes "feels" @_inductor_
LT 3: Are you aware of kube-system? @tarosaiba
LT 4: Introduction to Argo Events, an event-driven workflow @dtaniwaki
https://github.com/argoproj/argo
https://github.com/argoproj/argo-events