Kubernetes Security with Identity and OIDC
2023/05/29
再生時間： 39 分
ポッドキャスト

カートのアイテムが多すぎます

ご購入は五十タイトルがカートに入っている場合のみです。

カートに追加できませんでした。

しばらく経ってから再度お試しください。

ウィッシュリストに追加できませんでした。

しばらく経ってから再度お試しください。

ほしい物リストの削除に失敗しました。

しばらく経ってから再度お試しください。

ポッドキャストのフォローに失敗しました

ポッドキャストのフォロー解除に失敗しました

Kubernetes Security with Identity and OIDC

無料で聴く

ポッドキャストの詳細を見る

サマリー
I interview Marc Boorshtein, the CTO of Tremolo Security, an open-source identity management company that focuses on authentication, authorization, identity, and automation. Marc explains that their most popular tool is Open Unison, which allows users to log in to their Kubernetes clusters with whatever authentication system they have, such as LDAP, AD, Okta, or Azure AD. Open Unison also provides secure access to the dashboard and integrates with other cluster management applications.
Next up we shift over to the issue of certificate revocation in Kubernetes. Marc explains that Kubernetes doesn't know how to handle certificate revocation, which can be a security risk if a certificate is leaked or an employee leaves the company. He recommends using OpenID Connect or impersonation to access the cluster instead of relying on certificates. Marc also discusses the default time to live on service account tokens issued by the Kubernetes cluster and the importance of not using service account tokens when talking to clusters
This episode provides insights into the challenges of identity management with Kubernetes and strives to help you improve the security of your Kubernetes clusters.

続きを読む一部表示

あらすじ・解説

I interview Marc Boorshtein, the CTO of Tremolo Security, an open-source identity management company that focuses on authentication, authorization, identity, and automation. Marc explains that their most popular tool is Open Unison, which allows users to log in to their Kubernetes clusters with whatever authentication system they have, such as LDAP, AD, Okta, or Azure AD. Open Unison also provides secure access to the dashboard and integrates with other cluster management applications.

Next up we shift over to the issue of certificate revocation in Kubernetes. Marc explains that Kubernetes doesn't know how to handle certificate revocation, which can be a security risk if a certificate is leaked or an employee leaves the company. He recommends using OpenID Connect or impersonation to access the cluster instead of relying on certificates. Marc also discusses the default time to live on service account tokens issued by the Kubernetes cluster and the importance of not using service account tokens when talking to clusters

This episode provides insights into the challenges of identity management with Kubernetes and strives to help you improve the security of your Kubernetes clusters.

続きを読む一部表示