In-person + Virtual
18-21 April
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Back To Schedule
Thursday, April 20 • 14:30 - 15:05
Mind the Gap! Bringing Together Cloud Services and Managed K8s Environments - Christophe Tafani-Dereeper, Datadog & Diego Comas, Sourcegraph

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Many organizations run Kubernetes as part of managed offerings such as AWS EKS, Azure AKS or GCP GKE. But that’s only one part of the story; other pieces of infrastructure such as databases, object storage or legacy workloads generally live outside the cluster. In this context comes the need to bridge the gaps between what runs inside a managed Kubernetes cluster, and what is deployed in other services of the cloud provider. In this talk, we start by reviewing how the different cloud providers tackle authenticating and authorizing humans to the managed Kubernetes control plane, as well as individual workloads to the cloud provider API. Then, we dive into the different techniques to bring external secrets (e.g., from AWS Secrets Manager) inside the cluster. Along the way we cover how practitioners can leverage these mechanisms to architect cloud-native applications that benefit from the full power of cloud services, while avoiding complete vendor lock-in. We also describe how an attacker can abuse these mechanisms to pivot from exploiting a single containerized workload to compromising full cloud environments, and how to best protect against these attack vectors.

avatar for Christophe Tafani-Dereeper

Christophe Tafani-Dereeper

Cloud Security Researcher & Advocate, Datadog
Christophe works on cloud security research and open source at Datadog. He was previously a software developer, penetration tester and cloud security engineer, where he extensively worked with cloud and container technologies and in particular managed Kubernetes solutions. He previously... Read More →
avatar for Diego Comas

Diego Comas

Head of Security, Sourcegraph
Diego is the Head of Security at Sourcegraph. He is passionate about cloud-native security and has years of experience protecting cloud environments and containerized applications, in particular in large engineering organizations and highly regulated environments.

Thursday April 20, 2023 14:30 - 15:05 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity