cloud conf keynote - orchestrating least privilege
TRANSCRIPT
Orchestrating Least Privilege
~2000 Today
What is an Orchestrator?
What is an Orchestra?
SWARM
Job of a Conductor
- Casting
- Assign sheet music
- Unify performers
- Set the tempo
Job of an Orchestrator
- Node management
- Task assignment
- Cluster state reconciliation
- Resource management
What is a Least Privilege Orchestrator?
What is Least Privilege?
A process must be able to access only the information and resources that are necessary for its legitimate purpose.
Principle of Least Privilege
An Orchestrator that follows the principle of least privilege in the strictest manner possible.
Least Privilege Orchestrator
Why Least Privilege?
[Diagram: two views of a cluster connected to the Internet, with nodes labelled A, M (manager) and W (worker)]
How far away are we right now?
How do we achieve Least Privilege Orchestration?
Mitigating External Attacker
web:
  image: web-app
  expose: 443
  links:
    - redis
redis:
  image: redis
Mitigating Internal Network Attacker
[
  { "permission": { "method": "GET",    "resource": "/user" },    "allow": ["web", "fulfillment", "payments"] },
  { "permission": { "method": "POST",   "resource": "/user" },    "allow": ["signup", "web"] },
  { "permission": { "method": "DELETE", "resource": "/user/.*" }, "allow": ["web"] }
]
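As an added example (not from the talk), a default-deny evaluator for a policy in the format shown above, in Python: each rule's resource is treated as a regex that must match the whole path, and the caller name is assumed to come from an already-verified identity such as the client's mTLS certificate.

```python
import json
import re

# Constructed policy, copied in the same format as the slide above.
POLICY_JSON = """
[ { "permission": { "method": "GET",    "resource": "/user" },    "allow": ["web", "fulfillment", "payments"] },
  { "permission": { "method": "POST",   "resource": "/user" },    "allow": ["signup", "web"] },
  { "permission": { "method": "DELETE", "resource": "/user/.*" }, "allow": ["web"] } ]
"""


def load_policy(text):
    """Parse the JSON rule list and pre-compile each resource pattern."""
    rules = []
    for rule in json.loads(text):
        perm = rule["permission"]
        rules.append((perm["method"].upper(),
                      re.compile(perm["resource"]),
                      set(rule["allow"])))
    return rules


def is_allowed(rules, caller, method, resource):
    """Default deny: the request is allowed only if some rule matches the
    method, matches the *entire* resource path (fullmatch, so "/user" does
    not silently cover "/user/42"), and names the calling service.
    `caller` is assumed to be the service identity established out of band
    (e.g. from the verified mTLS client certificate)."""
    for rule_method, pattern, allowed in rules:
        if rule_method != method.upper():
            continue
        if pattern.fullmatch(resource) is None:
            continue
        if caller in allowed:
            return True
    return False


RULES = load_policy(POLICY_JSON)

if __name__ == "__main__":
    for who, verb, path in [("payments", "GET", "/user"),
                            ("payments", "POST", "/user"),
                            ("web", "DELETE", "/user/42"),
                            ("web", "GET", "/user/42")]:
        print(who, verb, path, "->", "allow" if is_allowed(RULES, who, verb, path) else "deny")
```

Because matching is anchored, a broad read rule on "/user" does not leak into sub-resources, and any method/path pair with no rule at all is denied.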
Mitigating MiTM Attacker
rails-app:
  image: rails-app
  links:
    - mysql
mysql:
  image: mysql
MTLS
Mitigating Malicious Worker
[Diagram: "Push"; a Manager node connected to several Worker nodes]
Mitigating Malicious Manager
[Diagram: a Manager node connected to several Worker nodes]
web:
  image: web-app
  expose: 443
  links:
    - redis
  tls-auth:
    - OU: api-client
redis:
  image: redis
SWARM
Mutual TLS by default
• First node generates a new self-signed CA.
• New nodes can get a certificate issued w/ a token.
• Workers and managers identified by their certificate.
• Communications secured with Mutual TLS.
Secrets
External APP
Thank you