Containers, Kubernetes and Practical DevSecOps

06/18/2019 - 17:20 to 18:00
long talk (40 min)

Session abstract: 

Kubernetes is going to run more and more in security critical environments.

What does this mean to run microservices in a "secure" way?  The good news is: Kubernetes has everything build in to run microservices on the highest security level. The bad news: it is hard to sort out which level is appropriate for your application.

Several examples are discussed like doing DevSecOps with access logs in medical environments, traffic control systems, energy in critical infrastructure, trains, telephony. We report the feedback from security audits.

The art of the microservice architecture is to find the appropriate level of security starting with running distributed databases correctly, setting up roles the right way for the level of multitenancy, applying a network policy implementing network layer or using TLS sidecar proxies and Istio in a zero trust infrastructure.