Securing Container Workloads in GCP Hackathon (SECTY-HACK-G)

The challenges are connected – building on the previous one. The attendees will be faced with three challenges. They will be given a Google Kubernetes cluster running a demo application consisting of several microservices developed using node.js. The challenges are briefly described below. Challenge 1: Who is who in the zoo? Introduction to user authentication and authorization while using Cloud IAM and Google Kubernetes Engine will start with the team looking to improve their solution's security. They will have access to Google Kubernetes Engine running a demo application. The team will have to define and manage users’ level of access to GKE resources, keeping the whole system secured while still enabling every engineer to do what they need to do.

Challenge 2: Hush, hush The team will be introduced to the concept of using secrets in the Kubernetes cluster. They will need a manager for handling their secrets and for that they will use Google Secret Manager. Once they create Google Secret Manager and their secrets, they should edit their deployment templates to consume their newly created secrets and implement a CSI driver in their cluster.

Challenge 3: It’s time to create some order here After the team has implemented a user authentication and authorization strategy and stored the secrets in a secure place, the application in the GKE cluster is much more secure. However, that is nearly not enough to call their system secure. The team should also consider communication protocols between microservices (containers) internally and externally. To achieve that, they will have to add a set of rules for the cluster to abide by.