2024-11-13_ContainerConf-RBAC.html

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta charset="utf-8" />

<title>Kubernetes RBAC</title>

<!-- https://gauger.io/fonticon/ -->
<link rel="icon" href="images/favicons/kubernetes.ico" />

<link rel="stylesheet" href="node_modules/reveal.js/dist/reset.css" />
<link rel="stylesheet" href="node_modules/reveal.js/dist/reveal.css" />
<link rel="stylesheet" href="node_modules/reveal.js/dist/theme/black.css" />
<link rel="stylesheet" href="node_modules/highlight.js/styles/rainbow.css" />
<link rel="stylesheet" href="node_modules/@fortawesome/fontawesome-pro/css/all.min.css" />
<link rel="stylesheet" href="themes/theme2022.css" />
<link rel="stylesheet" href="themes/common.css" />
</head>

<body>
<div class="reveal">
<div class="slides">

<section id="title" data-separator="^---$" data-separator-vertical="^--$" data-background="images/fall-7605042_1920.jpg" class="center" style="padding: 1em 1em 1em 1em; color: white; background: rgba(0, 0, 0, 0.5); width: 60%; margin: auto; text-align: right;">

<h1 style="font-size: 1.5em; color: white;">Kubernetes RBAC</h1>

<p><img src="images/logos/coc_ohnejahr_weiss_bunt.svg" style="float: left; height: 2em;" /></p>

<h2 style="font-size: 1.2em; text-transform: none; color: white;">Tricks and Caveats</h2>

<p><i>Nicholas Dille, Haufe Group</i></p>

<p><a href="https://www.continuouslifecycle.de/"> </a></p>
</section>

<section data-markdown="000_introduction/02_bio.md" data-separator="^---$" data-separator-vertical="^--$"></section>
<section id="agenda" data-separator="^---$" data-separator-vertical="^--$">
<h2>Agenda</h2>

<i class="fa-duotone fa-4x fa-list-check" style="float: right;"></i>

<ul id="bullets" class="fa-ul" style="line-height: 1.5em; font-size: larger; margin-top: 0.5em;">
<li><span class="fa-li"><i class="fa-duotone fa-pencil"></i></span> Writing (cluster) roles</li>
<li><span class="fa-li"><i class="fa-duotone fa-triangle-exclamation"></i></span> Risks</li>
<li><span class="fa-li"><i class="fa-duotone fa-user-police-tie"></i></span> Impersonation</li>
<li><span class="fa-li"><i class="fa-duotone fa-shield-quartered"></i></span> Securing service accounts</li>
</ul>
</section>

<section data-markdown="120_kubernetes/rbac/quickstart.md" data-separator="^---$" data-separator-vertical="^--$"></section>
<section data-markdown="120_kubernetes/rbac/author.md" data-separator="^---$" data-separator-vertical="^--$"></section>
<section data-markdown="120_kubernetes/rbac/aggregation.md" data-separator="^---$" data-separator-vertical="^--$"></section>
<section data-markdown="120_kubernetes/rbac/risks.md" data-separator="^---$" data-separator-vertical="^--$"></section>
<section data-markdown="120_kubernetes/rbac/impersonation.md" data-separator="^---$" data-separator-vertical="^--$"></section>
<section data-markdown="120_kubernetes/rbac/service_account.md" data-separator="^---$" data-separator-vertical="^--$"></section>

<section id="summary" data-separator="^---$" data-separator-vertical="^--$">
<h2>Summary</h2>

<i class="fa-duotone fa-4x fa-lightbulb-on" style="float: right;"></i>

<ul id="bullets" class="fa-ul" style="line-height: 1.5em;">
<li><span class="fa-li"><i class="fa-duotone fa-user-shield"></i></span> RBAC is well documented in the ecosystem</li>
<li><span class="fa-li"><i class="fa-duotone fa-engine-warning"></i></span> Little known verbs are a risk</li>
<li><span class="fa-li"><i class="fa-duotone fa-user-police-tie"></i></span> Impersonation can improve security</li>
<li><span class="fa-li"><i class="fa-duotone fa-magnifying-glass"></i></span> Service account tokens must be managed</li>
<li><span class="fa-li"><i class="fa-duotone fa-shield-check"></i></span> Policy engines like Kyverno can help</li>
</ul>

<h3 id="events">Upcoming events</h3>
<p>2024-11-12 - <a href="https://containerconf.de/">ContainerConf</a> Workshop <a href="https://www.continuouslifecycle.de/veranstaltung-22480-0-ci-cd-mit-gitlab.html">GitLab CI</a></p>
<p>2024-11-13 - <a href="https://containerconf.de/">ContainerConf</a> Talk <a href="https://www.continuouslifecycle.de/veranstaltung-22482-0-kubernetes-rbac--tricks-und-fallstricke.html">Kubernetes RBAC</a></p>
<p>2024-11-21 - <a href="https://heise-academy.de/">heise Academy</a> Workshop <a href="https://heise-academy.de/Workshops/cicd-gitlab">GitLab CI</a></p>
</section>

</div>
</div>

<script src="node_modules/reveal.js/dist/reveal.js" type="application/javascript"></script>
<script src="node_modules/reveal.js/plugin/markdown/markdown.js" type="application/javascript"></script>
<script src="node_modules/reveal.js/plugin/highlight/highlight.js" type="application/javascript"></script>
<script src="node_modules/reveal.js/plugin/search/search.js" type="application/javascript"></script>
<script src="node_modules/reveal.js/plugin/zoom/zoom.js" type="application/javascript"></script>
<script src="node_modules/reveal.js/plugin/notes/notes.js" type="application/javascript"></script>
<script>
    var durationInMinutes = 4 * 60;
    Reveal.initialize({
        width: 1400,
        height: 850,
        margin: 0.05,
        controlsTutorial: false,
        showSlideNumber: false,
        hash: true,
        history: true,
        keyboard: true,
        overview: true,
        center: false,
        touch: false,
        shuffle: false,
        fragments: true,
        fragmentInURL: true,
        embedded: false,
        help: true,
        showNotes: false,
        autoPlayMedia: null,
        mouseWheel: false,
        previewLinks: false,
        transition: 'convex',
        transitionSpeed: 'default',
        backgroundTransition: 'fade',
        hideInactiveCursor: true,
        hideCursorTime: 3000,

        totalTime: durationInMinutes * 60,
        allottedTime: durationInMinutes * 60 * 1000,

        barColor: 'rgb(200, 0, 0)',
        pausedBarColor: 'rgba(200, 0, 0, .6)',

        markdown: {
            smartypants: true
        },

        plugins: [
            RevealMarkdown,
            RevealHighlight,
            RevealSearch,
            RevealZoom,
            RevealNotes
        ]
    });
</script>

</body>
</html>