The recording of my talk "Security Considerations for Container Runtimes", Dan Walsh, Red Hat (@rhatdan)
Explains and demonstrates using Kubernetes with different security features for your container environment.
General Concept:
- Run containers without root, period.
- Take advantage of all security features the host provides.

Configuring CRI-O:

- Run containers with read-only images.
- Limit the Linux capabilities running within your container.
- Set up container storage to modify the storage options in a more secure manner.
- Configure alternative OCI runtimes (Kata, gVisor and Nabla) to run locked-down containers.

Building images with security in mind:

- Limit packages/attack surface of container images.
- Build container images within a locked-down Kubernetes container.

Advances in User Namespaces:

- Demonstrate running each container with a different user namespace.
- Configure the system to take advantage of user-namespace container separation without taking a drastic speed hit.
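Most of the points in the outline above (non-root, read-only image, reduced capabilities, an alternative OCI runtime, per-container user namespaces) map directly onto fields of a Kubernetes Pod spec. The manifest below is an added example, not material from the talk or from the CRI-O project; the RuntimeClass name and handler `kata`, the image reference and the `NET_BIND_SERVICE` capability are assumptions chosen for illustration, and `hostUsers: false` requires the `UserNamespacesSupport` feature gate plus a runtime handler that advertises user-namespace support.

```yaml
# RuntimeClass pointing at a sandboxed OCI runtime. The handler name "kata"
# is an assumption: it must match a runtime configured in CRI-O on the node.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata
handler: kata
---
apiVersion: v1
kind: Pod
metadata:
  name: locked-down-app
spec:
  runtimeClassName: kata          # run this pod under the sandboxed runtime above
  hostUsers: false                # give the pod its own user namespace (UserNamespacesSupport gate)
  securityContext:
    runAsNonRoot: true            # kubelet refuses to start a container that would run as UID 0
    runAsUser: 1000
    runAsGroup: 1000
    seccompProfile:
      type: RuntimeDefault        # apply the runtime's default seccomp profile
  containers:
  - name: app
    image: example.invalid/app:1.0   # placeholder: substitute a minimal, purpose-built image
    securityContext:
      readOnlyRootFilesystem: true      # image layers stay read-only; only /tmp below is writable
      allowPrivilegeEscalation: false   # setuid binaries cannot gain privileges (no_new_privs)
      capabilities:
        drop: ["ALL"]                   # start from zero capabilities...
        add: ["NET_BIND_SERVICE"]       # ...and add back only what the application needs
    volumeMounts:
    - name: tmp
      mountPath: /tmp
  volumes:
  - name: tmp
    emptyDir: {}
```

The fields are independent of each other: on nodes without a sandboxed runtime, drop `runtimeClassName` and the rest still applies; on clusters without user-namespace support, drop `hostUsers` and `runAsNonRoot` plus the capability drop still keep the workload unprivileged. `kubectl apply -f` this file, then `kubectl get pod locked-down-app -o yaml` to confirm the admission path did not silently relax any of the settings.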