For anyone in software development, there is no way around Kubernetes. Containerization has changed the way software is developed, deployed and operated. Microservices is the new paradigm. Many teams around the world discuss just now: What does containerization and Kubernetes mean to security and how to fit this technology into our existing architectures and processes? In this talk we will dissect the various components of Kubernetes and explain how they work technically under the hood. We will discuss common pitfalls and how they could be exploited by attackers to compromise the whole cluster. There will be a demo of kernel exploits and their risks to container isolation mechanisms. But not all is bad: With the right approach, Kubernetes environments can even lead to security improvements. This talk will provide the key principles for designing secure Kubernetes architectures.