Oh I didn’t know that @raesene works on the CIS benchmarks for both Docker and Kubernetes. #KubeCon
Someone will ask “Is this secure?” And that’s where standards come in; they’re how you can prove something is secure. #KubeCon
Security standards: “Guidance from a vendor or 3rd party on the security configuration and hardening of a product or service.”
Some standards are checklists. They are pass/fail for the checklist items. Others are hardening guides which are less prescriptive. #KubeCon
If you’re regulated, which standard you use may be answered for you. #KubeCon
Some distros have their own standards but many do not. The CIS benchmark may give false negatives or positives depending on your distro. You also need to look at which versions of k8s are covered by a standard. #KubeCon
Another question is what areas the standard covers. Hardening guides are wider but at a higher level. Configuration benchmarks typically look just at the product. #KubeCon
kube-bench can do CIS benchmarks. Starboard can do the NSA standard. Another option is Kubescape which looks pretty cool. #KubeCon
Standards are a useful guide but it’s important to understand what they do and don’t cover. Tools can automate things but they should be used carefully. They have limitations. #KubeCon
Cloud native as a paradigm evolved because people wanted vendor-agnostic infra, and a more declarative approach to deploying workloads. @Divya_Mohan02 #KubeCon
3 categories of projects in the CNCF: Sandbox, Incubating, and Graduated. Sandbox is early with lots of innovation. Incubating projects are being used in production by more people. Graduated projects are mature and stable. #KubeCon @coffeeartgirl
During my chat last night with @LukasGentele and @fabiankramm, Lukas mentioned what a risk it was for me to join @loft_sh when I did. At that time it was mainly Lukas and Fabian and our designer (who is really rad).
My instinct at the time had actually been to join a very large company. I’d been at three early stage companies in a row and felt like I needed a break. I had never heard of Loft Labs and knew nothing about the founders.
But when I looked at the product I was very impressed. I’d been hearing people in the Kubernetes community complain about multi-tenancy pain for years. Virtual clusters were such a new approach and very smart I thought. (At that point they were in the commercial product only.)