Update on Kubernetes Security in Critical Infrastructure
12-27, 19:45–20:45 (Europe/Berlin), HIP - Track 1 - Room 5
Language: English

We summarize howto secure Kubernetes clusters in critical infrastructure and give insights from the machine rooms.


Cloud native technology has made its way into critical infrastructure. Controlling transmission grids, energy stock exchanges and in the future government applications gets closer and closer to the way how the big providers are running applications in their public cloud.

However, for security reasons expressed in regulation and standards require air gapped environments. The talks describes the architecture of applications designed for this kind of environments, how they are developed and updated and secured.

The author discusses regulations, especially of the German BSI, CIS, NIST, what is there and what is missing and must be adapted from international standards. These kind of use cases assume a certain maturity of K8S, we check what has improved in the last year and what is still missing.

The talk contains more than traces of DevSecOps, GitOps and code signing. ~Hacking~ Trainings examples are available at https://github.com/thomasfricke/training-kubernetes-security

See also: slides (3.0 MB)

Der Redner hat sich von Anfang mit Web, Linux und auch Kubernetes und Clouds beschäftigt. Meistens arbeitet er mit K8S in air gapped Umgebungen im Bereich Gesundheit, Energie und Verwaltung. Er hat einige Architektur Sitzungen im IT Planungsrat ehrenamtlich begleitet.

The speaker has been involved with web, Linux and also Kubernetes and clouds from the beginning. Mostly he works with K8S in air gapped environments in healthcare, energy and government. He has volunteered some architecture sessions in IT planning council.

This speaker also appears in: