November 12-15

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Maintainer Track
Friday, November 15
 

4:00pm MST

Pushing Authorization Further: CEL, Selectors and Maybe RBAC++ - Mo Khan & Rita Zhang, Microsoft; Jordan Liggitt, Google
Friday November 15, 2024 4:00pm - 4:35pm MST
Significant changes have been made to authorization in recent versions of Kubernetes. For example, Common Expression Language (CEL) in validating admission policy (VAP) can access the authorizer to perform runtime checks during admission. Authorization has also been made aware of label and field selectors, which are available as extra info to be used by webhooks and CEL expressions in VAP. Looking forward, Kubernetes RBAC could be enhanced to take advantage of this new info. RBAC++ is a proof-of-concept design to combine CEL with RBAC to allow for conditional bindings at runtime. Thinking about even more experimental changes: what if authorization (and RBAC++) could directly assert conditions at admission time?
Speakers

Rita Zhang

Principal software engineer, Kubernetes SIG Auth co-chair, Security Response Committee, Microsoft
Rita Zhang is a Principal software engineer at Microsoft, based in the San Francisco Bay Area. She leads the Azure Container Upstream team of maintainers and contributors building features for Kubernetes upstream, CNCF projects, and for Azure Kubernetes Service. She is a Kubernetes sig-auth...

Mo Khan

Software Engineer, Microsoft
Mo Khan is a software engineer who is passionate about open source and security. He started working on Kubernetes in 2016, and currently serves as a chair, technical lead and subproject owner for Kubernetes SIG Auth, a member of the Kubernetes Security Response Committee and a contributor...

Jordan Liggitt

Software Engineer, Google
Jordan Liggitt is a software engineer at Google, and helps lead Kubernetes authentication, authorization, and API server efforts.
Salt Palace | Level 3 | 355 BC
 
