Name: Using K8s Audit Logs to Secure Your Cluster - Mark Stemm, Sysdig
Start: 2019-05-21T15:55:00+0200
End: 2019-05-21T16:30:00+0200

Barcelona, Spain
May 20–23, 2019
Click here for more information and registration

View Conference Venue and Sponsor Showcase Map

Back To Schedule

Using K8s Audit Logs to Secure Your Cluster - Mark Stemm, Sysdig

Feedback form is now closed.

K8s Audit Logs are a new feature in K8s 1.11/1.13 which allow an operator to see a stream of events from the API server that show the changes being made to your cluster. In this talk, we’ll describe how auditing works and how to get it working it for popular K8s variants. Then we’ll dive into specific security-oriented use cases, showing how you can use audit logs to enforce security best practices, detect misuse, and fill the gap between what you think the cluster is running and what's actually running. Some specific use cases we’ll discuss include misuse of configmaps to hold sensitive data, overly loose permissions on pods/services, and abuse of cluster role bindings that grant too many (or the wrong) permissions. Attendees should come away with the ability to enable K8s Audit Support in their cluster and what to look for in their audit logs to ensure that their cluster is secure.

Speakers

Mark Stemm

Senior Software Engineer, Sysdig

Mark is a Senior Software Engineer at Sysdig. He has a B.S. in Math/CS from Carnegie Mellon University and a M.S./Ph.D. in Computer Science from the University of California, Berkeley. He's worked at Fast Forward Networks on the first generation of internet-based live video broadcasting... Read More →

K8s Audit Logs KubeconEU 2019 pdf

Tuesday May 21, 2019 15:55 - 16:30 CEST
Hall 8.0 A1

Operations

Skill Level Intermediate (Mid-level experience)
Link to Session Recording https://youtu.be/h0h9QWhGFS4

KubeCon + CloudNativeCon Europe 2019

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Mark Stemm