Talks
Rogue No More: Securing Kubernetes with Node-Specific Restrictions
Learn how to implement node-specific restrictions in Kubernetes to prevent rogue nodes and enhance cluster security. This talk covers practical strategies and tools for securing Kubernetes nodes.
Pushing Authorization Further: CEL, Selectors and Maybe RBAC++
Explore advanced authorization patterns in Kubernetes, including CEL expressions, advanced selectors, and potential future enhancements to RBAC. Learn how to implement fine-grained access control.
CEL-Ebrating Simplicity: Mastering Kubernetes Policy Enforcement
Exploring the Common Expression Language (CEL) and its application in Kubernetes policy enforcement. Learn how CEL simplifies policy creation and management while maintaining security and compliance.
SIG Auth & SIG Storage: Secret Guardians - (Secrets Store) CSI Driver and Sync Controller
In this lightning talk, Anish will introduce you to the (Secrets Store) CSI driver and Sync controller and discuss the trade-offs of the CSI driver versus the Sync controller.
Secrets Management - Feat. ESO, SSCSID, Teller, and SOPS (You Choose!, Ch. 3, Ep. 3)
Comparative analysis of popular secrets management tools including External Secrets Operator (ESO), Secrets Store CSI Driver (SSCSID), Teller, and SOPS. Learn which tool fits your use case best.
OIDC and Workload Identity in Kubernetes
Deep dive into OpenID Connect (OIDC) and Workload Identity in Kubernetes. Exploring how to securely authenticate workloads and manage identity across cloud-native applications.
Keeping Secrets Secret: Secrets Store CSI Driver
Live presentation on the Secrets Store CSI Driver, covering its design principles, implementation details, and real-world usage patterns for keeping secrets secure in Kubernetes.
Advancements in Kubernetes Workload Identity for Azure
Explore the latest advancements in Kubernetes Workload Identity for Azure environments. Learn about new features, security improvements, and integration patterns for cloud-native applications.
Secrets Store CSI Driver: Bringing external secrets in house
CNCF webinar demonstrating how the Secrets Store CSI Driver enables secure integration of external secret stores with Kubernetes workloads. Covers architecture, implementation, and best practices.
Azure Upstream - Ep. 1 - Workload Identity - Part 2 - Deep Dive into Azure Workload Identity Configuration and Demos
In this second episode, Ernest Wong and I dive deeper into Azure Workload Identity with detailed configuration demos and best practices for assigning Azure identities to Kubernetes pods.
Azure Upstream - Ep. 1 - Workload Identity - Part 1 - Introduction to Azure AD Pod Identity and Azure Workload Identity
In this first episode from the Azure Upstream open-source team, Ernest Wong and I discuss the origins of Azure AD Pod Identity, its limitations, and introduce the newer Azure Workload Identity project with live demos.
Secrets Store CSI Driver: Keeping Secrets Secret - Bringing External Secret Management to Kubernetes
Learn about the Secrets Store CSI Driver and how it enables seamless integration between Kubernetes and external secret management systems like Azure Key Vault, AWS Secrets Manager, and HashiCorp Vault.
Achievement: This talk was ranked in the top 10 at KubeCon EU 2021 according to the CNCF Transparency Report.
The Secrets Store CSI Driver represents a paradigm shift in how Kubernetes applications consume secrets from external systems. This talk introduces the driver’s architecture, demonstrates its capabilities, and shows how it addresses common security challenges in cloud-native environments.
We’ll cover installation, configuration, and integration patterns with major cloud providers and secret management solutions. The session includes live demonstrations and discusses security best practices for managing secrets at scale.