Everyone has been told not to run with scissors. Doing so makes one highly exposed to serious damage. Both containers and Kubernetes define a bajillion different toggles how to configure the applications. Rather than using all the proper toggles, developers often run things in containers and in Kubernetes just using the plain defaults. That leaves many capabilities lurking in the applications that just wait to be exploited.

This session is highly inspired by Liz Rice’s talk at KubeCon EU 2018, “Running with scissors”. My session will focus on a different angle: how to take the scissors away from the developers so that they do not harm themselves.

In this talk, we’ll look at some of the concepts of forcing security of the application workloads both from conceptual and practical points of view. We’ll look at things like security policies, resource quotas, and pod security contexts. We’ll also discuss what they mean for the applications developers are pushing to the Kubernetes cluster.