Virtual Event
May 4, 2021

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2021 - Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (CEST). The schedule is subject to change.
Tuesday, May 4 • 13:55 - 14:25
Lightning Talks: Namespaces-as-a-Service with HNC and Kyverno!, Securing CI/CD Infrastructure for Tinkerbell, & Challenges in Cloud Native Forensics


13:55-14:05 CEST
Lightning Talk: Namespaces-as-a-Service with HNC and Kyverno! - Jim Bugwadia, Nirmata & Adrian Ludwin, Google
Kubernetes namespaces provide a strong security boundary and allow sharing cluster resources to reduce costs and increase efficiencies. However, enabling secure self-service namespaces is complex. In this session, Jim and Adrian from the Kubernetes Multi-Tenancy Working Group will demonstrate how the Hierarchical Namespace Controller (HNC) and Kyverno can be used together to enable “namespaces-as-a-service” for enterprise teams. First, Jim will show how Kyverno can automate fine-grained permission management, enforce security, and generate default configurations. Next, Adrian will discuss how HNC makes it easy for developers to manage additional sub-namespaces without requiring cluster-admin privileges. They will then show a live demonstration of using the two CNCF projects together to enable self-service for namespaces without compromising security.

14:05-14:15 CEST
Lightning Talk: Securing CI/CD Infrastructure for Tinkerbell - David McKay, Equinix Metal
Tinkerbell, a CNCF sandbox project, has some pretty unique CI/CD needs. As a bare metal provisioning system, CI/CD involves running servers for DHCP, iPXE, virtual machines with QEMU, and a few other bits and pieces. This use-case is not natively supported by most CI/CD SaaS vendors. To tackle this, the Tinkerbell team has automated the management and provisioning of their own CI/CD runners using a collection of off-the-shelf tools. You will learn how Tinkerbell secured their unique infrastructure and how to approach securing your own CI/CD stack. We will demonstrate Tinkerbell’s provisioning tools and dive deep into how they were configured for security. The same tools are publicly available and could be used in your own CI/CD setups. You will also learn how to secure engineer access to your infrastructure without getting tied to a single cloud provider.

14:15-14:25 CEST
Lightning Talk: Challenges in Cloud Native Forensics - Andrew Krug, Datadog

As more companies have gone cloud native, the focus on resilience has largely focused on detection and speedy recovery. These are only two tactics that should be in the defense toolbox. Forensics is a discipline that has arguably suffered as log volumes and DevOps culture have become more normative. In my session, I’ll demonstrate where the gaps exist and how the ecosystem could improve capabilities around the art of forensics.

Speakers

Andrew Krug

Security Evangelist, Datadog
Andrew Krug is a Security Engineer specializing in Cloud Security and Identity and Access Management. Krug also works as a Cloud Security consultant and started the ThreatResponse project, a toolkit for Amazon Web Services first responders. Krug has been a speaker at Black Hat USA...

David McKay

Senior Developer Advocate, Equinix Metal
David is a Senior Developer Advocate at Equinix Metal, CNCF Ambassador, and a member of the Kubernetes org and release team. As a professional technology magpie, David was an early adopter of cloud, container, and cloud-native technologies; crossing the murky waters of AWS in 2008...

Jim Bugwadia

Co-founder and CEO, Nirmata
Jim Bugwadia is a co-founder and the CEO of Nirmata, the Kubernetes policy and governance company. Jim is an active contributor in the cloud native community and currently serves as co-chair of the Kubernetes Policy and Multi-Tenancy Working Groups. Jim is also a co-creator and maintainer...

Adrian Ludwin

Senior Software Engineer, Google
Adrian is a software engineer on the Google Kubernetes Engine (GKE) in Kitchener, Ontario, and created the Hierarchical Namespace Controller (HNC). Before Google, he was a developer at Intel’s Programmable Solutions Group (formerly Altera) in Toronto, and specialized in parallel...


