Virtual Event
May 4 - May 7
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2021 Virtual to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

Back To Schedule
Wednesday, May 5 • 15:05 - 15:40
CSI Volume Attacks – The SRE Strikes Back - Hendrik Land, NetApp

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Container Storage Interface (CSI) has made it easy for stateful workloads to consume storage - but does it protect your data from unauthorized access? The CSI standard only orchestrates the creation of volumes, snapshots or clones. How do you ensure that neither other workloads in the same Kubernetes cluster nor someone outside the cluster can access your data? You will learn the inherent security models provided by Kubernetes as well as additional configurations you can and should apply. Beyond concepts and architecture, a series of short demos will cover topics such as: - Security of Persistent Volume Claims and Persistent Volumes throughout their lifecycle - Pod Security Policies and volume types - File system permissions on your volumes - Securing common storage protocols such as iSCSI and NFS - Securing CSI drivers in your cluster

avatar for Hendrik Land

Hendrik Land

Solution Architect DevOps, NetApp
Hendrik has worked for NetApp on storage and data management aspects since 2007. His interest in new technologies has led him into the DevOps space, where he focuses on storage for stateful workloads and application mobility delivered by infrastructure agnostic platforms such as Kubernetes... Read More →

Wednesday May 5, 2021 15:05 - 15:40 CEST
Storage Theater