Final slides for 20240508

nicholasdille · nicholasdille · commit 730233d622bd · 2024-05-07T22:41:36.000+02:00
diff --git a/120_kubernetes/rbac/service_account.md b/120_kubernetes/rbac/service_account.md
@@ -187,8 +187,6 @@ kubectl get pod bar -o=jsonpath='{.spec.imagePullSecrets[0].name}{"\n"}'
 
 ## Avoid Service Accounts 1/2
 
-Use field references in environment variables:
-
 ```yaml
 apiVersion: v1
 kind: Pod
@@ -215,6 +213,8 @@ spec:
 
 <!-- .element: style="float: right; width: 24em;" -->
 
+Use field references in environment variables
+
 Also supports `resourceFieldRef` to access resource requests and limits
 
 ### Demo [<i class="fa fa-comment-code"></i>](https://github.com/nicholasdille/container-slides/blob/master/120_kubernetes/rbac/service_account.demo "service_account.demo")
@@ -223,8 +223,6 @@ Also supports `resourceFieldRef` to access resource requests and limits
 
 ## Avoid Service Accounts 2/2
 
-Use downward API to expose pod information:
-
 ```yaml
 apiVersion: v1
 kind: Pod
@@ -250,7 +248,7 @@ spec:
 
 <!-- .element: style="float: right; width: 25em;" -->
 
-Downward API [](https://kubernetes.io/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/)
+Use downward API [](https://kubernetes.io/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/) to expose pod information
 
 Volume of type `downwardAPI` provides pod information
 
diff --git a/120_kubernetes/rbac/slides.md b/120_kubernetes/rbac/slides.md
@@ -1,5 +1,11 @@
 ## Role-Based Access Control (RBAC)
 
+XXX
+
+---
+
+## Role-Based Access Control (RBAC)
+
 ### (Cluster)Role(Binding) <i class="fa fa-face-smile-wink"></i>
 
 Role(Binding) only exist in one namespace
diff --git a/2024-05-08_DevOps-Meetup-RBAC.html b/2024-05-08_DevOps-Meetup-RBAC.html
@@ -45,6 +45,7 @@ <h2 style="font-size: 1.2em; text-transform: none; color: white;">Tricks and Cav
 </section>
 
 <section data-markdown="000_introduction/02_bio.md" data-separator="^---$" data-vertical-separator="^--$"></section>
+<section data-markdown="2024-05-08_DevOps-Meetup-RBAC.md" data-separator="^---$" data-vertical-separator="^--$"></section>
 <section data-markdown="120_kubernetes/rbac/slides.md" data-separator="^---$" data-vertical-separator="^--$"></section>
 <section data-markdown="120_kubernetes/rbac/aggregation.md" data-separator="^---$" data-vertical-separator="^--$"></section>
 <section data-markdown="120_kubernetes/rbac/certificate_auth.md" data-separator="^---$" data-vertical-separator="^--$"></section>
diff --git a/2024-05-08_DevOps-Meetup-RBAC.md b/2024-05-08_DevOps-Meetup-RBAC.md
@@ -0,0 +1,11 @@
+## Agenda
+
+- <span class="fa-li"><i class="fa-duotone fa-user-shield"></i></span> Role Based Access Control (RBAC)
+- <span class="fa-li"><i class="fa-duotone fa-pencil"></i></span> Writing (cluster) roles
+- <span class="fa-li"><i class="fa-duotone fa-triangle-exclamation"></i></span> Risks
+- <span class="fa-li"><i class="fa-duotone fa-id-card-clip"></i></span> Impersonation
+- <span class="fa-li"><i class="fa-duotone fa-shield-quartered"></i></span> Securing service accounts
+- <span class="fa-li"><i class="fa-duotone fa-stethoscope"></i></span> Audit log
+- <span class="fa-li"><i class="fa-duotone fa-person-military-pointing"></i></span> Kyverno
+
+<!-- .element: class="fa-ul" style="font-size: larger; margin-top: 0.5em;" -->
diff --git a/2024-05-08_DevOps-Meetup-RBAC.yaml b/2024-05-08_DevOps-Meetup-RBAC.yaml
@@ -15,9 +15,9 @@ event:
 
 slides:
 - 000_introduction/02_bio.md
+- 2024-05-08_DevOps-Meetup-RBAC.md
 - 120_kubernetes/rbac/slides.md
 - 120_kubernetes/rbac/aggregation.md
-- 120_kubernetes/rbac/certificate_auth.md
 - 120_kubernetes/rbac/risks.md
 - 120_kubernetes/rbac/impersonation.md
 - 120_kubernetes/rbac/service_account.md
