Tuesday, May 21 • 15:55 - 16:30
Using K8s Audit Logs to Secure Your Cluster - Mark Stemm, Sysdig

K8s Audit Logs are a new feature in K8s 1.11/1.13 that allows an operator to see a stream of events from the API server showing the changes being made to the cluster. In this talk, we’ll describe how auditing works and how to get it working for popular K8s variants. Then we’ll dive into specific security-oriented use cases, showing how you can use audit logs to enforce security best practices, detect misuse, and fill the gap between what you think the cluster is running and what's actually running. Some specific use cases we’ll discuss include misuse of configmaps to hold sensitive data, overly loose permissions on pods/services, and abuse of cluster role bindings that grant too many (or the wrong) permissions. Attendees should come away with the ability to enable K8s Audit Support in their cluster and an understanding of what to look for in their audit logs to ensure that their cluster is secure.

Mark Stemm

Senior Software Engineer, Sysdig
Mark is a Senior Software Engineer at Sysdig. He has a B.S. in Math/CS from Carnegie Mellon University and an M.S./Ph.D. in Computer Science from the University of California, Berkeley. He's worked at Fast Forward Networks on the first generation of internet-based live video...

Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 A1