Taking a K8s Deployment from Default to Secure

Session Information

A Shodan search can quickly reveal over 17 million Nginx servers currently returning a 200 OK. One would think with such adoption that building a secure Nginx Kubernetes deployment would be easy. Surely one would be overwhelmed with online content!

Whilst best practices are in abundance and security scanning tools for helm and k8s yaml are available, it can be truly difficult to find example code or solid advice on how to successfully follow security best practices. In this session I’ll start with a blank canvas of a default Nginx deployment and leverage Checkov’s Kubernetes yaml scanning capability to show my own experiences with the easy, the hard and the plain confusing elements of creating a secure Nginx deployment.

  • Steve Giguere
    Developer Advocate, Bridgecrew by Palo Alto
  • Transcript coming soon.

Get started today

Pulumi is open source and free to get started. Deploy your first stack today.