Cloud Flight Simulator Part 2: Protecting Kubernetes Clusters with Admission

Before you can help DevOps teams solve security problems and improve their security programs, you need to understand how they think, how they work, and the tools that they use. Part 2: Kubernetes admission controllers play a critical role in enhancing the security of a Kubernetes cluster. They act as gatekeepers, intercepting requests to the Kubernetes API server before requests are processed and stored by the cluster. Learn how admission control policies written in Common Expression Language (CEL) or Open Policy Agent (OPA) Rego can enforce crucial policies such as denying containers using non-approved base images and stopping containers with invalid image signatures. Explore the rest of the Cloud Flight Simulator Series: Part 1: GitLab CI, Workflows, and Secrets www.sans.org/webcasts/cloud-flight-simulator-part-… Part 3: Safeguarding the Software Supply Chain www.sans.org/webcasts/cloud-flight-simulator-part-… Part 4: Least Privileged Pods with Kubernetes Workloads www.sans.org/webcasts/cloud-flight-simulator-part-… Learn more about SANS SEC540: Cloud and DevSecOps Automation course at www.sans.org/cyber-security-courses/cloud-security… About the Speaker: Ben Allen Ben Allen is co-author of SEC540: Cloud Security and DevSecOps Automation, and a senior member of the SANS information security team. He applies knowledge gained over a decade of information security experience to problem domains ranging from packet analysis to policy development on an ongoing basis. Ben has contributed to security best practices for DevSecOps and operationalized DevOps techniques for security teams leading to improvements in release time and stability. Ben holds numerous SANS certifications, and a bachelor's degree in Electrical Engineering. Learn more about Ben at www.sans.org/profiles/ben-allen/ SANS Cloud Security Curriculum: www.sans.org/cloud-security GIAC Cloud Security Certifications: www.giac.org/focus-areas/cloud-security/ LinkedIn: www.linkedin.com/showcase/sanscloudsec/ Discord: www.sansurl.com/cloud-discord Twitter: @SANSCloudSec

• #science_technology
• #cloud
• #cloud_security
• #devsec
• #devsecops
• #the_cloud
• #cloud_security_training
• #aws
• #azure
• #gcp
• #cloud_service_providers
• #big_3
• #managing_cloud
• #leading_cloud_security
• #multi_cloud
• #multicloud
• #hybrid_cloud
• #public_cloud
• #aws_training
• #gcp_training
• #azure_training
• #kubernetes
• #kubernetes_clusters