Explain/demonstrates using Kubernetes with different security features for your container environment
- Run containers without root, period
- Take advantage of all security features the host provides
- Run containers with read-only images
- Limit the Linux capabilities running within your container
- Set up container storage to modify the storage options in a more secure manner
- Configure alternative OCI Runtimes: Kata, Gvisord and Nabla to run locked down containers
Building images with security in mind.
- Limit packages/attack surface of container images
- Build container images within a locked down kubernetes container
Advances in User Namespaces
- Demonstrate running each container with a different User Namespace
- Configure system to take advantage of user namespace container separation, without taking a drastic speed hit
And many more...
Last updated: September 3, 2019