Today, many organisations are greatly simplifying their code-to-customer journey by building internal technology platforms powered by Kubernetes. Folks are adopting modern DevOps practises like GitOps, IaC, CI / CD to deliver customer value often and at fast pace. But Kubernetes is not secure by default and more often than not the vanilla installation can drastically compromise the risk and security posture resulting is increased risk of exposure.
In this talk, we will look at a layered security model for kubernetes and touch on native must-have k8s objects and configuration, ebpf based open-source tooling and finally cover off the recent developments in supply chain security that can apply to kubernetes.