Containers and DevOps principles give modern organizations the ability to leverage microservice architectures and enable speed and portability in development, but can also create security risks that increase the attack surface within a production environment. The large majority of organizations today use Kubernetes to orchestrate some portion of their container workloads, but without the proper configurations, Kubernetes can cause serious security issues after an application has been deployed. Due to the DevOps principles that guide Kubernetes management, however, the responsibility of configuring a Kubernetes environment has shifted left to the developer, requiring a process-pivot toward empowering developers with easy-to-use, automated security tooling.
Snyk works closely with Red Hat OpenShift to make Kubernetes management simple and secure, allowing development teams to identify and remediate misconfigurations and even prevent builds or deployments that don’t meet security or DevOps best practices requirements.
In this live hacking presentation, experts from Snyk and Red Hat will demonstrate some of the key security issues that affect a Kubernetes configuration, including:
Security context pitfalls like Privileged pods
Running pods without resource limitations
We’ll explain what these security issues entail, what an attacker can do to a Kubernetes cluster, and how development teams can fix them.