Multi-tenancy using ABAC | A closer look at Helm 3

LABS TLV - Derech Menachem Begin 121 Tel Aviv-Yafo
Wed, Sep 25, 2019, 6:00 PM (IDT)

About this event

18:00 - 18:30: Gathering, food, networking, SWAG :) - sponsored by Palantir

18:30 - 19:15: Attribute-Level Authorization and Why RBAC Isn’t Enough, Greg DeArment

Palantir uses Kubernetes to enable customers to execute user-provided code via common distributed compute frameworks such as Apache Spark. Securing Kubernetes to support multi-tenant workloads, where the user might be trusted but their code shouldn’t be, is of the utmost importance and poses interesting challenges given the state of Kubernetes security today.
In this talk, Greg DeArment will explain why Kubernetes’ role-based access control (RBAC) is insufficient, how and why Palantir extended Kubernetes to provide attribute-level authorization, how it is used to limit what users can do within Kubernetes, and how they approach securing these types of multi-tenant clusters.

19:15 - 20:00: Helm 3, Jessica Dean

Since its initial debut 5 years ago, Kubernetes has grown up quite a bit, but one thing hasn’t changed: writing Kubernetes manifest files from scratch is hard. Thus, the need for a package manager was born: Helm. Helm is almost as old as Kubernetes and Helm 2 is a merger of two code bases, which made for some interesting ways of approaching even the most basic of security concerns (say, RBAC for instance). If you’re familiar with Helm you already know how useful it is, but there are features you’d like added, some updates you’ve wished for, and a major component you’d like removed: Tiller.
Helm 3 not only removes Tiller, but it was built with direct feedback from the community. In this demo-fueled session, I’ll walk you through the differences between Helm 2 and Helm 3 (which is currently in beta 3). I’ll offer tips for a successful rollout or upgrade, how to easily use charts created for Helm 2 with Helm 3 (without changing your syntax), and then review opportunities where you can participate in the project’s future.

About the speakers:

Greg DeArment, Palantir Technologies, Head of Infrastructure
Greg is responsible for building the systems used to run, manage, and monitor Palantir's Foundry and Gotham platforms. This includes managed cloud hosting environments, configuration, and continuous integration / continuous deployment (CI/CD) and telemetry infrastructure. Over the last two years, Greg has led the effort to adopt Kubernetes as the compute engine for Palantir's Foundry platform.

Jessica Dean, Senior Cloud Advocate, Microsoft
Jessica is a Senior Cloud Advocate for Microsoft focusing on Azure, Containers, OSS, and, of course, DevOps. Prior to joining Microsoft, she spent over a decade as an IT Consultant / Systems Administrator for various corporate and enterprise environments, catering to end users and IT professionals in the San Francisco Bay Area. Jessica holds two Microsoft Certifications (MCP, MSTS), 3 CompTIA certifications (A+, Network+, and Security+), 4 Apple Certifications, and is a former 4-year Microsoft Most Valuable Professional for Windows and Devices for IT. In 2013, she achieved her FEMA certification from the U.S. Department of Homeland Security, which recognizes her leadership and influence abilities during times of crisis and emergency. In 2015, she received her P.O.S.T Level 2 Certificate, which made her eligible to apply to serve as a reserve Level 2 Peace Officer in the state of California; the certification expired in 2018 when she chose to focus on her engineering and advocacy career with Microsoft for the time being.

