Kubernetes is fast becoming the platform of choice for deploying modern cloud native applications and Terraform is increasingly the tool of choice for creating infrastructure to support these applications.
Their flexibility means they are powerful for a wide range of use-cases and their focus on configuration in code means they are accessible to development teams to use quickly and autonomously.
But with this comes the challenge of knowing whether you’ve deployed your application securely. How do you understand all of the potential configuration options and their impact? How do you know that the supporting infrastructure is appropriately locked down and that you are following your own team’s best practices?
In this talk we will:
- Look at a typical development flow for writing and validating a Kubernetes and Terraform deployment, starting from the command line through to your source control system
- Discuss the challenges and security considerations you should be aware of, and how to work with your security team if you have one
- Show a few demos of tools, including Snyk, that can help you get faster feedback
Takeaways
All attendees should come away from the session with some practical ideas they can put into practice straight away, whether they have wide adoption of Kubernetes and Terraform yet or not.
For development teams building applications we’ll look at:
- Why considering security from the beginning is beneficial
- How to securely deploy to Kubernetes and the considerations in doing so
- How to securely provision infrastructure using Terraform
- How to seamlessly add security into your local development workflow, with the toolchain you are familiar with
- How to work collaboratively with the security team
And for security teams responsible for assuring the applications and infrastructure that are being deployed, we’ll discuss:
- How to get visibility into each application and across applications
- How to engage with development teams to educate and empower them to develop securely