31 min listen
Shopify and Security, with Jon Pulsifer
Shopify and Security, with Jon Pulsifer
ratings:
Length:
24 minutes
Released:
Aug 21, 2018
Format:
Podcast episode
Description
Jon Pulsifer is a Production Security Engineer at Shopify, and Canada’s biggest Kubernetes fan. Adam and Craig dig into why, and what Adam’s new mode of transport is going to be.
Do you have something cool to share? Some questions? Let us know:
web: kubernetespodcast.com
mail: kubernetespodcast@google.com
twitter: @kubernetespod
Chatter
Sling TV using Kubernetes
Tesla using Kubernetes?
MITMproxy, Charles and Fiddler
Intercept HTTP traffic exiting a docker container
Adam has a lot of EconoLodge points
Not as many as Software Defined Talk hosts Matt Ray and Michael Coté
Craig thinks he should spend them on the Pepsi jet as seen in this wonderful video
News of the week
Service Networking in a Hybrid Infrastructure by Praveen Shukla from GoJek
KubeCon and CloudNativeCon China
Craig’s session
7 best practices for operating containers by Théo Chamley from Google Cloud
kustomize on Homebrew for macOS
Understanding the Container Storage Interface (CSI) by Anoop Vijayan Maniankara
The Istio 1.0 Release Stream or jump straight to the part with Dan Ciruli from episode 15
Links from the interview
Royal Canadian Navy - Canadian Forces NOC
SANS institute and instructors
Jon Pulsifer is a Production Security Engineer at Shopify
Why Shopify Moved to The Production Engineering Model
Production Engineering from Facebook
SRE from Google
They’re hiring!
Shopify’s adopting Kubernetes and Google Cloud
The evolution of Kubernetes security
Before RBAC, you used to have to mount an empty directory over the service account to disable access to it
seccomp and AppArmor
RBAC
PodSecurityPolicy
gVisor and Kata Containers
Planning for Secure Container Isolation in Kubernetes
RuntimeClass enhancement proposal
Binary Authorization
Launch blog post
Kritis - open source reference implementation of Binary Authorization (the judge)
Grafaes - API spec for Container Analysis API
Shopify Voucher, a tool that creates attestations for Binary Authorization and prevents the deployment of images that don’t meet Shopify’s security requirements.
Jon’s talk on Binary Authorization at Google Cloud Next: Securing the Software Supply Chain
Shopify’s $25,000 Kubernetes bug bounty payout
What is a server-side request forgery?
Getting started with security by reading kubesec.io
Around Ottawa
Kubernetes Ottawa meetup
GDG Cloud Ottawa
Jon’s car
Jon Pulsifer on Twitter
Do you have something cool to share? Some questions? Let us know:
web: kubernetespodcast.com
mail: kubernetespodcast@google.com
twitter: @kubernetespod
Chatter
Sling TV using Kubernetes
Tesla using Kubernetes?
MITMproxy, Charles and Fiddler
Intercept HTTP traffic exiting a docker container
Adam has a lot of EconoLodge points
Not as many as Software Defined Talk hosts Matt Ray and Michael Coté
Craig thinks he should spend them on the Pepsi jet as seen in this wonderful video
News of the week
Service Networking in a Hybrid Infrastructure by Praveen Shukla from GoJek
KubeCon and CloudNativeCon China
Craig’s session
7 best practices for operating containers by Théo Chamley from Google Cloud
kustomize on Homebrew for macOS
Understanding the Container Storage Interface (CSI) by Anoop Vijayan Maniankara
The Istio 1.0 Release Stream or jump straight to the part with Dan Ciruli from episode 15
Links from the interview
Royal Canadian Navy - Canadian Forces NOC
SANS institute and instructors
Jon Pulsifer is a Production Security Engineer at Shopify
Why Shopify Moved to The Production Engineering Model
Production Engineering from Facebook
SRE from Google
They’re hiring!
Shopify’s adopting Kubernetes and Google Cloud
The evolution of Kubernetes security
Before RBAC, you used to have to mount an empty directory over the service account to disable access to it
seccomp and AppArmor
RBAC
PodSecurityPolicy
gVisor and Kata Containers
Planning for Secure Container Isolation in Kubernetes
RuntimeClass enhancement proposal
Binary Authorization
Launch blog post
Kritis - open source reference implementation of Binary Authorization (the judge)
Grafaes - API spec for Container Analysis API
Shopify Voucher, a tool that creates attestations for Binary Authorization and prevents the deployment of images that don’t meet Shopify’s security requirements.
Jon’s talk on Binary Authorization at Google Cloud Next: Securing the Software Supply Chain
Shopify’s $25,000 Kubernetes bug bounty payout
What is a server-side request forgery?
Getting started with security by reading kubesec.io
Around Ottawa
Kubernetes Ottawa meetup
GDG Cloud Ottawa
Jon’s car
Jon Pulsifer on Twitter
Released:
Aug 21, 2018
Format:
Podcast episode
Titles in the series (100)
Kubernetes SIG-PM, with Ihor Dvoretskyi: Program, Product and Project Management - Kubernetes is more than just code by Kubernetes Podcast from Google