Automate or stagnate: surviving the era of continuous updates
Automate or stagnate: surviving the era of continuous updatesSpeaker:
Giovanni Toraldo
DevOps Engineer @ Hyland
Tematiche:
Abstract
Access control is a cornerstone of Kubernetes security, ensuring that only authorized users can view or modify cluster resources. While Kubernetes provides built-in mechanisms for access control, these are often too coarse-grained, making it challenging to define precise or, when necessary, customized permissions, such as the ability to define deny roles or set expirations on grants.
In this talk, we will introduce the SpiceDB Kubernetes API Proxy, a powerful solution that integrates with SpiceDB—the leading open-source authorization system that embraces and extends the model used by Zanzibar, Google’s internal authorization solution. Attendees will learn how this proxy enables granular access control for Kubernetes APIs, offering enhanced security and flexibility for managing permissions in dynamic environments.
