Lifecycle of a kubectl Command: Harden Kubernetes Setup with Automation – Sanjary Rahman, Booking.com
We at Booking.com run tens of on-premise multi-tenant Kubernetes clusters at scale. To automate integration with our existing bare-metal infrastructure and for running kubectl auth pipeline, we run an ecosystem using custom Kubernetes Controllers, Pod Security Policies and Kubernetes Auth & Admission Webhooks.
Kubernetes provides end users with limitless possibilities of automation to harden cluster setup, secure authentication and authorization pipelines and validate workload definition as per organization requirements which most of the users are not aware of or make use of. Most of the time hardening Kubernetes setup in a multi-tenant cluster with per namespace based setup itself can turn into a huge toil for the operators.
In this talk, you will see how we at Booking.com have achieved the aforementioned features in a fully automated fashion with zero human intervention involved.
Join us for KubeCon + CloudNativeCon in Shanghai June 24 – 26 and San Diego November 18 – 21! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.
Join us for KubeCon + CloudNativeCon in San Diego November 18 – 21. Learn more at bit.ly/2WdUyQ6. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.