Kubernetes-native security with Starboard
Liz Rice
January 01, 2021
Transcript
Kubernetes-native security with Starboard
Liz Rice & Daniel Pacak, Open Source Engineering, Aqua Security (@lizrice, @d_pacak)
© 2020 Aqua Security Software Ltd., All Rights Reserved
Starboard – motivation. Diagram labels: Kubernetes; K8s resources: pods, deployments, statefulsets, daemonsets; Security tools: Image vulnerabilities, CIS benchmarks, Config auditing, Pen testing; Dashboard; kubectl; Kubernetes API; Dave Loper
Starboard – brings security reports into Kubernetes. Diagram labels: Kubernetes; Dashboard; Dave Loper; K8s resources: pods, deployments, statefulsets, daemonsets; Security tools: Image vulnerabilities, CIS benchmarks, Config auditing, Pen testing; kubehunterreports, vulnerabilityreports, ciskubebenchreports, configauditreports; Starboard; kubectl; Kubernetes API
Starboard CLI demo
Starboard operator – automation. Diagram labels: Starboard operator; Kubernetes; Dashboard; Dave Loper; K8s resources: pods, deployments, statefulsets, daemonsets; Security tools: Image vulnerabilities, CIS benchmarks, Config auditing, Pen testing; kubehunterreports, vulnerabilityreports, ciskubebenchreports, configauditreports; Starboard; kubectl; Kubernetes API
Starboard operator demo
Starboard design decisions
What security issues are there for this resource? Diagram labels: Resource; Security report; Resource type = pod; Resource name = my-app; owner
What security issues are there for this resource? Diagram labels: Resource; Security report; Resource type = pod; Resource name = my-app; owner; Resource name
What security issues are there for this resource? Diagram labels: namespace; Resource; Security report
What security issues are there for this resource? Diagram labels: namespace; Resource; Security report; starboard; Scan job
What security issues are there for my workloads? Diagram labels: Deployment ReplicaSet app-image:1.3 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 Unmanaged pod other-image:2.0
Diagram labels: Deployment ReplicaSet app-image:1.3 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 Unmanaged pod other-image:2.0 Vuln report some-image:2.0
Diagram labels: Deployment ReplicaSet app-image:1.3 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 Unmanaged pod other-image:2.0 Vuln report some-image:2.0 Vuln report some-image:2.0 Vuln report some-image:2.0 Vuln report some-image:2.0
Diagram labels: Deployment ReplicaSet app-image:1.3 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 Unmanaged pod other-image:2.0 Vuln report some-image:2.0 Vuln report
Diagram labels: Deployment ReplicaSet app-image:1.3 ReplicaSet app-image:1.6 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 ReplicaSet image:1.3 Pod app-image:1.6 Unmanaged pod other-image:2.0 Vuln report some-image:2.0 Vuln report
Diagram labels: Deployment ReplicaSet app-image:1.3 ReplicaSet app-image:1.6 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 ReplicaSet image:1.3 Pod app-image:1.6 Unmanaged pod some-image:2.0 Vuln report some-image:2.0 Vuln report app-image:1.6 Vuln report app-image:1.3
What vulnerabilities are in my deployment? Diagram labels: Deployment ReplicaSet ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod Vuln report
Starboard hierarchy demo
Extending Starboard
Pluggable vulnerability scanners. Diagram labels: Kind: Job, Name: efavbs-d21..., Namespace: starboard-operator; Kind: Deployment, Name: my-app, Image: some-image:2.0; Struct: PodTemplateSpec, Image: aquasec/trivy:0.11.0, Command: trivy some-image:2.0; Kind: VulnerabilityReport, Name: deployment-my-app-some-container; PodSpec; Trivy output converter
VulnerabilityScanner interface
Starboard future
Fully pluggable security reporting. Diagram labels: Kubernetes; Dashboard; Dave Loper; K8s resources: pods, <some resources>, replicasets; Security tools: Image vulnerabilities, CIS benchmarks, Config auditing, Pen testing; kubehunterreports, vulnerabilityreports, ciskubebenchreports, configauditreports; Starboard; kubectl; Kubernetes API; Starboard ConfigMap: Scanners - Tool: Resource: Report: - Tool: Resource: Report: …; <other>reports; some other security tool
What are the most important security issues in my cluster? kubectl starboard summary <namespace>
github.com/aquasecurity/starboard