Kubernetes Meetup Tokyo #17: Security & Observability, attendance notes

https://k8sjp.connpass.com/event/120074/


Running Kubernetes without root privileges (30min) Akihiro Suda ( @_AkihiroSuda_ ), NTT

https://www.slideshare.net/AkihiroSuda/rootkubernetes


Container Runtime Security with Falco (30min) Michael Ducy, sysdig

Security monitoring tool

https://falco.org/

https://github.com/falcosecurity/falco


Secure your K8s cluster from multiple layers (30min) JIANTANG HAO, Yahoo Japan

Enable RBAC

Enable TLS

Encrypting Secret data

Enable audit log

Admission Controllers

Validating, Mutating, or both

ValidatingWebhookConfiguration resource

k8s workload layer

Run containers as a non-root user

Run a Cluster-wide Pod Security policy

Create and Define Cluster network policy

Use namespaces for isolation

Controlling which nodes pods may access

Controlling capabilities by setting Resource Quota

Security Context

PodSecurityPolicy -> bound via a Role or ClusterRole.

KataContainers

https://kubesec.io/
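As a worked example for the checklist above (added here; it is not code from the talk or its slides): a restrictive PodSecurityPolicy, the ClusterRole that grants "use" on it, a RoleBinding that attaches it to every service account in one namespace, and a Pod whose securityContext satisfies the policy. The names restricted-psp and app, and the container image, are assumptions chosen for this example. PodSecurityPolicy was removed in Kubernetes 1.25; the Namespace at the top carries the Pod Security Admission label that expresses the same restricted profile on current clusters.

```yaml
# Added example, not from the talk. Names (app, restricted-psp) are placeholders.
# Namespace labelled for Pod Security Admission (the replacement for PSP since 1.25).
apiVersion: v1
kind: Namespace
metadata:
  name: app
  labels:
    pod-security.kubernetes.io/enforce: restricted
---
# Cluster-wide policy: no privileged pods, no root, no host namespaces,
# all capabilities dropped, read-only root filesystem, limited volume types.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-psp
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities: ["ALL"]
  hostNetwork: false
  hostPID: false
  hostIPC: false
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  fsGroup:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  readOnlyRootFilesystem: true
  volumes: [configMap, secret, emptyDir, projected]
---
# A PSP only takes effect for subjects allowed to "use" it: grant that via RBAC.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: use-restricted-psp
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["restricted-psp"]
    verbs: ["use"]
---
# Bind the ClusterRole to all service accounts in the app namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: use-restricted-psp
  namespace: app
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: use-restricted-psp
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:app
---
# A pod that passes the policy: non-root UID, no privilege escalation,
# capabilities dropped, read-only root with a writable emptyDir for /tmp.
# Image is an assumption for the example (an nginx build that listens on 8080 as non-root).
apiVersion: v1
kind: Pod
metadata:
  name: web-nonroot
  namespace: app
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    fsGroup: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: web
      image: nginxinc/nginx-unprivileged:1.25
      ports:
        - containerPort: 8080
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: tmp
          mountPath: /tmp
  volumes:
    - name: tmp
      emptyDir: {}
```

Apply with kubectl apply -f and then try the same Pod with runAsUser: 0 or privileged: true; admission rejects it, which is the check a practitioner wants before trusting the policy. The RoleBinding is namespaced on purpose: a ClusterRoleBinding to system:serviceaccounts would apply the policy cluster-wide, including kube-system, where some components need a more permissive policy.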


LT 1: About RuntimeClass, implemented since Kubernetes 1.12 @makocchi

https://speakerdeck.com/makocchi/what-is-kubernetes-runtimeclass

https://kubernetes.io/docs/concepts/containers/runtime-class/


LT 2: What a Kubernetes beginner did to understand how Kubernetes thinks @_inductor_

https://speakerdeck.com/inductor/kubernetes-for-beginners


LT 3: Are you paying attention to kube-system? @tarosaiba

https://speakerdeck.com/tarosaiba/kube-systemluo-tositemimasita-870cca89-9f65-48d8-abda-a2a320c45384


LT 4: Introduction to Argo Events, event-driven workflows @dtaniwaki

https://github.com/argoproj/argo

https://github.com/argoproj/argo-events


LT 5: I tried hooking up k8s and OPA Kengo Suzuki

https://speakerdeck.com/ken5scal/k8stoopatunaketemita-admission-controllerbian