In-person + Virtual
October 11-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Friday, October 15 • 4:30pm - 5:05pm
PSP is Dead, Long Live PodSecurity - Monis Khan, VMware; Mike Danese, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
After a quick intro, this presentation will touch upon two auth features that recently went GA: bound service account tokens [1] and kubectl credential plugins [2]. The bulk of the talk will focus on the replacement for pod security policy: pod security admission control [3]. We will cover the reasons behind the replacement of PSP along with the specific technical details of PSA. [1] https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume [2] https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins [3] https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement

avatar for Mike Danese

Mike Danese

Software Engineer, Google
Mike is a software engineer at Google. He has worked on Kubernetes and GKE for over 7 years and is currently the lead of the GKE Identity, Policy Enforcement, and Regulated and Compliance teams. He is a chair and TL of the Kubernetes Auth Special Interest Group. He develops and maintains... Read More →
avatar for Mo Khan

Mo Khan

Software Engineer, Microsoft
Mo Khan is a software engineer who is passionate about open source and security. He started working on Kubernetes in 2016, and currently serves as a chair and subproject owner for Kubernetes SIG Auth, a member of the Kubernetes Security Response Committee and a contributor to SIG... Read More →

Friday October 15, 2021 4:30pm - 5:05pm PDT
Room 501 ABC + Online