All the cool kids are at @urlichsanais and @raesene’s talk. #KubeCon
Love you, security nerds ❤️ #KubeCon
Oh I didn’t know that @raesene works on the CIS benchmarks for both Docker and Kubernetes. #KubeCon
Someone will ask “Is this secure?” And that’s where standards come in, it’s how you can prove something is secure. #KubeCon
Security standards: “Guidance from a vendor or 3rd party on the security configuration and hardening of a product or service.”
Some standards are checklists. They are pass/fail for the checklist items. Others are hardening guides which are less prescriptive. #KubeCon
If you’re regulated, which standard you use may be answered for you. #KubeCon
Some distros have their own standards but many do not. The CIS benchmark may give false negatives or positives depending on your distro. You also need to look at which versions of k8s are covered by a standard. #KubeCon
Another question is what areas does the standard cover. Hardening guides are wider but at a higher level. Configuration benchmarks typically look just at the product. #KubeCon
One of the tools available is kube-bench by Aqua. github.com/aquasecurity/k… #KubeCon
kube-beacon can do CIS benchmarks. Starboard can do the NSA standard. Another option is Kubescape which looks pretty cool. #KubeCon
Standards are a useful guide but it’s important to understand what they do and don’t cover. Tools can automate things but they should be used carefully. They have limitations. #KubeCon
