Kubernetes Extended Authentication Model

SHOW: 66SHOW OVERVIEW: Brian talks with Marc Boorshtein (@mlbian, CTO at Tremolo Security) about trends in Kubernetes security, and how to think about the Kubernetes Extended Authentication Model. SHOW NOTES:Try OpenShift 4 - http://try.openshift.comBeyond RBAC in OpenShift – Open Policy AgentOpenShift Commons Briefing: Securing OKD at Multiple LayersKubernetes Security SHOW TOPICS:Topic 1 - Welcome back to the show. Your focus is on security. What’s one new thing that’s really interesting to your right now, and what’s one “mundane” thing you’re seeing all the time that isn’t getting enough discussion? Topic 2 - A few weeks ago we talked with John Osbourne about “Kubernetes Policy”. This is very different than “Authentication” or “Authorization”. For people that don’t live around security, can you help us understand the difference between policy and the things that make up AAA (Authentication, Authorization and Accounting)?Topic 3 - You and I were talking a few months ago at OpenShift Commons Gathering in London about “the Kubernetes extended authorization model”, and I wonder if you could elaborate on that a little bit. Topic 4 - What are some of the areas where you feel like there isn’t enough awareness, especially for production environments, between policy and AAA models (e.g. Kubernetes elements vs. user-level elements)?Topic 5 - Give us a quick set of thoughts on how any of this changes if we start doing multi-cluster or Federation. FEEDBACK?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com