The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Kubernetes namespaces are widely used by developers and infrastructure maintainers to group resources within clusters, yet their role as pivotal security boundaries often gets overlooked. Many well-established and upcoming Kubernetes features rely on secure namespace management, from in-cluster DNS resolution to Network Policies, Limit Ranges, Pod Security Standards, and Gateway API Cross-Namespace Routing. The talk will investigate the implications of compromise within a cluster if an adversary successfully tampers with existing namespaces or crafts new ones, delving into real-world use cases that include multi-tenancy and cluster-native policy enforcement. A spectrum of mitigations and best practices to lock down namespaces effectively will be presented, covering strategies from Role-Based Access Control (RBAC) to advanced object validation using admission controllers, including secure approaches with namespace templating in multi-tenant environments.
Marco De Benedictis is a senior security engineer with several years of experience consulting on high-end cybersecurity projects within the private and public sectors. Marco received a PhD in Computer and Control Engineering and is now employed at ControlPlane, where he focuses on...