Kubernetes Forum Delhi 2020

Kubernetes is currently the most popular container orchestration engine of choice, but its security is debatable. There are some vulnerabilities that have recently been discovered in Kubernetes and Docker.

So what are the potential risks of these vulnerabilities to the applications and business suing Kubernetes, and how we can prevent these security threat.

The talk will cover what are some of the known vulnerabilities in Kubernetes and how we can use open source tools like Notary & OPA to save our cluster from potential security loopholes.

Outline
1. How vulnerable is your Kubernetes cluster?
2. Past known vulnerabilities in Kubernetes and their potential risks. How to fix these known vulnerabilities.
4. Security best practices to be followed while designing a Kubernetes cluster.
5 How to use open source tools like Notary & OPA, to do a security analysis of your K8s cluster.

Security in the world of containers has become complex as we use different base images. We cannot be aware of what our containers are made up of and cope up with dependencies and transitive dependencies and their updates.

On average at least 30 vulnerabilities exist in the top 10 docker images. Do you know if you’re using any of these? If your application containers are based on vulnerable images, your deployment could be open to attack. In this talk, you’ll learn about practical actions to address vulnerabilities in your container images.

I will be demonstrating securing the images in a Harbor registry by integrating the open-source Trivy image scanning tool. Trivy is very easy to use and can also be integrated with the existing CI/CD pipelines. After this session, attendees will take away the best practices in securing their container workloads.