Self Healing GitOps: Continuous, Secure GitOps using Argo CD, Helm and OPA
Upkar Lidder
Senior Product Manager, Tenable

CLOUD NATIVE INFRASTRUCTURE IS FUELING INNOVATION
CNCF Survey 2020

CREATING INCREASED VELOCITY, LESS PROCESS FRICTION
Easy developer interface, complex underpinning
Extremely high paced infrastructure
Easier runtime management, deployment, and scalability
92% organizations using containers in production
83% organizations using Kubernetes in production
30% organizations using serverless in production

SOUNDS GREAT, RIGHT?
But, is velocity leaving you vulnerable?

WHAT MAKES KUBERNETES SECURITY DIFFICULT
Developer focused management
Complex privilege management
Default configurations are not secure

SO, WHAT CAN YOU DO?

4 TENETS OF K8 SECURITY
K8s Misconfigurations: Create a single policy framework for governance and access control
Security Guardrails: Integrate policy into DevOps workflows
Container Image Vulnerabilities: Scan container images and registries
Exposure Mgmt: Identify and remediate runtime vulnerabilities

SECURITY GUARDRAILS
Kubernetes security depends on the development process and should be built into build and delivery processes using existing development tools and frameworks.

THE POWER OF POLICY
Policy as Code can be applied at several different stages in the development process, and we encourage users to apply it everywhere they can.
1. Low Friction
2. Secure by default
3. Increased Security Visibility

Open Source Policy as Code for Secure Cloud Infrastructure
500+ out-of-the-box policies
Scan IaC against common policy standards such as the CIS
Leverages the Open Policy Agent (OPA) engine for custom policy creation

TYPICAL GITOPS CI/CD WORKFLOW

SECURE GITOPS CI/CD WORKFLOW