Laurent Broudoux, Burr Sutter
June 3, 2020

Security and authentication strategies for apps on Kubernetes | DevNation Tech Talk

Today, application security is a “must have”, but it’s difficult to introduce without modifying code if you didn’t think about it at the very beginning. Fortunately, the new cloud native patterns brought by containers and platforms like OpenShift/Kubernetes offer simple ways to address security concerns without touching code. In this tech talk, we will walk through many stages to secure an existing application made by an ‘Average Java Developer’ where security was clearly an afterthought. One step at a time, we will add new security facets to achieve a state-of-the-art secured application. We’ll use some advanced features of the Red Hat products, among others, to explain how to:

- Force OAuth 2.0 / OpenID Connect authentication and authorization with RH-SSO / Keycloak
- Secure app communication with OpenShift and Istio service mesh
- Harden credentials management using an external vault like HashiCorp Vault
- Use a PKI as a Service to generate certificates for your Ingress routes

Want to become an application security guru? After this session, you will be able to cherry-pick recipes to apply security where it makes sense to your own apps and context.