Purplecon 2019 james, deploying kubernetes safer(ish), https://purplecon.nz/talks#james, https://www.youtube.com/watch?v=1aBIFsqpBVU&list=PLS45xFo74VF546tbfXXtKDO03cVrAalM6&index=12&t=0s

sometimes evil conglomerates, large companies and/or totally regular and normal individuals prefer to run kubernetes themselves, instead of using a public cloud provider – perhaps they don't trust the intergoogles, perhaps they want to experience the incessant joys of maintenance and upgrades themselves, or perhaps (the real reason) they wanted to justify their sweet, sweet devops stickers on their laptop. sure, not trusting someone else's computer makes sense in some threat models, but the (sometimes overly-enthusiastic) diy approach does mean they open themselves up to a whole host of other problems – google probably does know how to deploy, manage and secure kubernetes better than anyone else, since they kinda built it. they've probably even got better stickers.

unfortunately, setting it up is hard. there are so many moving parts and the vaguely dodgy how-to posts on random blogs always seem to be a few versions behind – and they feel like they get away with it by saying “definitely probably don't do this in production, but it's totally fine to do for testing, what's the worst that could happen?*”

this talk will take you through some of the parts of the kubernetes setup that are commonly ignored (“oh yeah we’ll definitely $100% get to that later”), or excluded from scripts you piped from curl to bash, or are pretty easy to accidentally get wrong if you didn’t know about this other thing that wasn’t made immediately obvious.

if you’re an auditor, these are your super tasty critical severity fairy-bread tickets. if you’re a defender, these are the things that differentiate your totally awesome cluster of orchestrated hotness from a totally awesome cluster of orchestrated hot mess. if you’re an attacker who’s popped a shell and found themselves trapped in a container of emotions, these are the things that make you have a big sad when they’re done right.