Learn how to implement enhanced authorization mechanisms that prevent lateral node escape attacks in multi-tenant Kubernetes clusters in this conference talk from KubeCon + CloudNativeCon. Explore the security challenges enterprise operations teams face when running cost-effective multi-tenant environments, focusing in particular on the risk introduced by multiple DaemonSets: because a DaemonSet runs a pod on every node, a compromised pod or node credential can become a path to cluster takeover. Discover recently introduced security features from the SIG community, including CRD field selectors, field and label selector authorization, ValidatingAdmissionPolicy (VAP), and Structured Authorization Configuration, which together allow more flexible authorization rules for CRDs, the kubelet, and other resources in multi-tenant settings. Gain insights from real-world node escape incidents and understand practical strategies for rolling out these features. Learn how to use the Common Expression Language (CEL) to write customized policies for authorization webhooks and VAP, enabling granular, node-specific restrictions within your clusters that maximize security while maintaining operational efficiency.