Kubernetes Security, Part 2: Managing POD Run Time Security
In this video, we examine POD security settings (the SecurityContext object at the POD and container level), how to manipulate them, and why a misconfigured POD (for example one running privileged, sharing host namespaces, or mounting host paths) can hand a compromised container control of the node. We then look at securing PODs through Kubernetes' built-in "POD Security Admission" policies, which provide a good security foundation for most projects. Where the fixed "Security Admission" profiles are not sufficient, we introduce the "Open Policy Agent" (OPA) policy engine, which can enforce custom admission rules. OPA is a vast topic, and this video provides the foundation to help you get started. Finally, to keep PODs from interacting directly with the host kernel and so harden POD runtime security, we introduce the secure (sandboxed) container runtime concept and architecture, using gVisor for this video.
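As an added, self-contained example (not the video's own demo scripts, which live in the linked repository), the manifests below put three of the controls described above side by side: a namespace with POD Security Admission set to the restricted profile, a deliberately weak POD that the profile rejects, and a hardened POD whose SecurityContext satisfies the profile and additionally runs under a gVisor RuntimeClass. The namespace and POD names, the UID 10001 and the container images are assumptions made for this example; the RuntimeClass assumes the node's container runtime already has a runsc handler configured as described in the gVisor documentation.

```yaml
# Added example (not from the video's demo repo). Apply with: kubectl apply -f this-file.yaml
# 1) Namespace with Pod Security Admission enforcing the "restricted" profile.
apiVersion: v1
kind: Namespace
metadata:
  name: psa-demo                       # assumed namespace name
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# 2) Deliberately WEAK pod: the API server rejects this in psa-demo.
#    Each flagged field is a route from a compromised container to the node;
#    privileged + hostPID + a hostPath mount of "/" is effectively root on the host.
apiVersion: v1
kind: Pod
metadata:
  name: weak-shell
  namespace: psa-demo
spec:
  hostPID: true                        # violates restricted (host namespace)
  hostNetwork: true                    # violates restricted (host namespace)
  containers:
  - name: shell
    image: busybox:1.36                # assumed image
    command: ["sleep", "3600"]
    securityContext:
      privileged: true                 # violates restricted: all capabilities, no seccomp/AppArmor, host devices
    volumeMounts:
    - name: host-root
      mountPath: /host
  volumes:
  - name: host-root
    hostPath:                          # violates restricted (hostPath volumes are not permitted)
      path: /
---
# 3) RuntimeClass mapping to the gVisor "runsc" handler configured in containerd/CRI-O.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
---
# 4) HARDENED pod: admitted under "restricted"; its system calls are served by gVisor's
#    user-space Sentry instead of the host kernel.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-web
  namespace: psa-demo
spec:
  runtimeClassName: gvisor
  securityContext:                     # pod-level: applies to every container in the pod
    runAsNonRoot: true
    runAsUser: 10001                   # assumed UID; numeric, so it need not exist in the image's /etc/passwd
    runAsGroup: 10001
    fsGroup: 10001
    seccompProfile:
      type: RuntimeDefault             # required by the restricted profile
  containers:
  - name: web
    image: nginxinc/nginx-unprivileged:1.25   # assumed image that listens on 8080 as a non-root user
    ports:
    - containerPort: 8080
    securityContext:                   # container-level: overrides/extends the pod level
      allowPrivilegeEscalation: false  # no setuid binaries or file capabilities can raise privileges
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]                  # restricted requires dropping ALL; NET_BIND_SERVICE is the only add it allows
    volumeMounts:                      # the only writable paths this image needs
    - name: tmp
      mountPath: /tmp
    - name: cache
      mountPath: /var/cache/nginx
  volumes:
  - name: tmp
    emptyDir: {}
  - name: cache
    emptyDir: {}
```

Applying the whole file in order works because the namespace and RuntimeClass are created before the PODs that reference them. The API server returns the weak POD as forbidden and lists every check it violates; the hardened POD is admitted, and `kubectl -n psa-demo exec hardened-web -- dmesg` shows gVisor's kernel messages rather than the node's. Caveats a practitioner should keep in mind: POD Security Admission evaluates PODs only when they are created or updated, so pre-existing PODs are not evicted; the labels govern one namespace, so every namespace (or a cluster-wide AdmissionConfiguration default) must be covered; and the three profiles are fixed, which is exactly the gap a custom policy engine such as OPA fills.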
Demo scripts: https://github.com/gary-RR/gary-RR-myYouTube_video_POD_Security
Timecodes
0:00 - Intro
4:40 - POD SecurityContext Intro.
9:36 - Setting Container Capabilities.
10:53 - POD SecurityContext and Container Capabilities Demos.
28:42 - Managing POD Security through "POD Security Admission" Policies Overview.
41:59 - POD Security Admission Policies Demos.
53:32 - Open Policy Agent (OPA) Overview.
1:14:48 - OPA Demos.
1:25:50 - Sandboxing Container Runtime Environment.
1:29:44 - Container Runtimes.
1:30:59 - gVisor (Secure Container Runtime) Intro and Architecture.
1:32:20 - Configuring PODS to Use gVisor.
1:33:07 - gVisor Demo.
My Other Videos:
► Istio Ambient Service Mesh
https://youtu.be/WPLVvwPGJvw
► Kubernetes Security, Part 1: Kubernetes Security Overview and Role-Based Access Control (RBAC) in Detail
https://youtu.be/Qwkix9z8ywU
► Cilium Service Mesh
https://www.youtube.com/watch?v=-o6E8bYj-xw
► Cilium Kubernetes CNI Provider: Part 4, IP Routing Modes (Direct and Encapsulated)
https://youtu.be/j2aox7K-7wU
► Cilium Kubernetes CNI Provider, Part 3: Cluster Mesh
https://youtu.be/gkrPt0ZcCfo
► Cilium Kubernetes CNI Provider, Part 2: Security Policies and Observability Leveraging Hubble
https://youtu.be/5EcVrm01rAU
► Cilium Kubernetes CNI Provider, Part 1: Overview of eBPF and Cilium and the Installation Process
https://youtu.be/aLq3O3l2LF4
► What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
https://youtu.be/WMLSD2y2Ig4
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 2- Join Linux Machines to AD:
https://youtu.be/1tgqdz3lw-k
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 1- Setup AD:
https://youtu.be/ftxxO381-_Q
► Sharing Resources between Windows and Linux:
https://youtu.be/MzHX6eUlZfs
► Kubernetes kube-proxy Modes: iptables and ipvs, Deep Dive:
https://youtu.be/lkXLsD6-4jA
► Kubernetes: Configuration as Data: Environment Variables, ConfigMaps, and Secrets:
https://youtu.be/mjcNIaRDAsc
► Configuring and Managing Storage in Kubernetes:
https://youtu.be/U11YjaRvCd4
► Istio Service Mesh – Securing Kubernetes Workloads:
https://youtu.be/GFXjlPBsykM
► Istio Service Mesh – Intro
https://youtu.be/x_HRl-Ehvb8
► Understanding Kubernetes Networking. Part 6: Calico Network Policies:
https://youtu.be/sxB9-td1-F8
► Understanding Kubernetes Networking. Part 5: Intro to Kubernetes Network Policies:
https://youtu.be/vjhA9TJWw-k
► Understanding Kubernetes Networking. Part 4: Kubernetes Services:
https://youtu.be/BZk2HUKsxAQ
► Understanding Kubernetes Networking Part 3: Calico Kubernetes CNI Provider in depth:
https://youtu.be/vOo__3GqyxM
► Understanding Kubernetes Networking. Part 2: POD Network, CNI, and Flannel CNI: Plug-in:
https://www.youtube.com/watch?v=U35C0EPSwoY
► Understanding Kubernetes Networking. Part 1: Container Networking:
https://www.youtube.com/watch?v=ApeX6IAOfOc
► Setup a Linux-Windows (Calico based) Hybrid Kubernetes Cluster to Host .NET Containers:
https://youtu.be/DMKS43POa5s
► A Docker and Kubernetes tutorial for beginners:
A Docker and Kubernetes tutorial for beginners. - YouTube
► Setup a "Docker-less" Multi-node Kubernetes Cluster on Ubuntu Server:
https://youtu.be/H9YfKliGuUY
► Step by Step Instructions on Setting up Multi-Node Kubernetes Cluster on CentOS
https://www.youtube.com/watch?v=2Tr7hNW02fg
► Setup and Configure CentOS Linux Server on A Windows 10 Hypervisor
https://www.youtube.com/watch?v=CBfJXZitG-o
► Setup NAT (Network Address Translation) on Hyper-V
https://www.youtube.com/watch?v=PYamsYQSmFY
► Enable Nested Virtualization on Windows to run WSL 2 (Linux) and Hyper-V on a VM:
https://www.youtube.com/watch?v=Y1U2YnnowsE
► Setup a Multi-Node MicroK8S Cluster on Windows 10:
https://www.youtube.com/watch?v=fZVivQYDU8k
► Detailed Windows Terminal, (WSL 2), Linux, Docker, and Kubernetes Install Guide on Windows 10:
https://www.youtube.com/watch?v=5MlLVjZJcyI