Back To Schedule
Friday, December 8 • 2:45pm - 3:20pm
Securing Shopify's PaaS on GKE [I] - Jonathan Pulsifer, Shopify

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Shopify has leveraged Kubernetes through Google Container Engine (GKE) to build its new cloud platform. This PaaS is currently serving the majority of the company's internal tools as well as business-critical production workloads. Moving to Kubernetes and a public cloud is no easy task, especially for a security team.

Unfortunately for us, a hosted solution does not offer all the features we've come to love in Kubernetes including NetworkPolicies, PodSecurityPolicies, and admission controllers among others. Given this, the security team has created a number of Kubernetes controllers and other cloud platform solutions to maintain an effective security posture on our new platform.

In this talk we'll introduce our cloud platform, explore the tools we've created to bridge the security gaps, detail the struggles we've encountered using Google Cloud Platform and GKE, and discuss our growing pains with Kubernetes multi-tenancy. Attendees will gain an understanding of the current state of Kubernetes security controls on GKE, a familiarity with some of the products available on Google Cloud Platform, and insight on how to integrate security controls into their development pipelines.

avatar for Jonathan Pulsifer

Jonathan Pulsifer

Infrastructure Security Engineer, Shopify
Jonathan is a Senior Security Engineer at Shopify working on securing their new platform using Kubernetes on GKE. Previously, he was a SANS mentor, network defense instructor, and a team lead at the Canadian Forces Network Operations Centre in Ottawa. Find Jonathan on Twitter @Jo... Read More →

Friday December 8, 2017 2:45pm - 3:20pm CST
Meeting Room 12AB, Level 4