# Kubernetes Security
Platform-as-a-Service

*Nicholas Dille, Haufe Group*
Docker Captain
Microsoft MVP
[@nicholasdille](https://twitter.com/nicholasdille)
[@nicholasdille@freiburg.social](https://freiburg.social/@nicholasdille)
## Kubernetes Platform

Kubernetes is an ops platform

Requires interface between dev and ops discipline

### Flavours

Cluster-as-a-Service

Namespace-as-a-Service

---

## Operational responsibility

Who owns the Kubernetes platform?

### Inside team

Vague separation of concerns

Administrative permissions available to all team members

### Outside team

Strict separation of concerns

Delegation of necessary permissions

---

## Security

Omnipresent topic

### Many aspects

Separation of concerns

Isolation of components

Vulnerability tracking

Automated updates

Dependency updates

---

## Agenda

Part 1: Platform-as-a-Service (2023-04-24)

- Namespaces
- RBAC and Impersonation
- Service Accounts
- Pod Security Standards

Part 2: Network Policies (2023-05-03)

Part 3: Policies (2023-05-10)

Part 4: Supply Chain Security (2023-05-17)

### Hourly breaks
## Namespaces

## Role-Based Access Control

## RBAC Impersonation

## Service Accounts

## Certificate Authentication

## Auditing

## Pod Security Standards
## Summary

- Namespaces do not provide hard boundaries
- RBAC is hard to control
- RBAC impersonation protects from mistakes
- Auditing helps to find loopholes
- Pod Security can be enforced

### Upcoming webinars

2023-05-03 - Network Policies

2023-05-10 - Policies

2023-05-17 - Supply Chain Security