Containers give developers the ability to isolate applications from one another, but that’s not enough. Resource isolation is much different than security isolation. How do we make applications deployed in containers more secure? How do we apply existing tools like SELinux, AppArmor, and seccomp to our containers running in Kubernetes? How can we apply policy to our network and services to make sure applications only have access to what they need and nothing more?
Ian Lewis shares the easiest and best ways to improve the security of your Kubernetes clusters. You’ll learn about the risks and attack surfaces and see tools like PodSecurityPolicy, SELinux, AppArmor and seccomp in action to improve the security of containers deployed in Kubernetes. You’ll then go up the stack and learn how to apply network policy to containers to further improve security.
Ian Lewis is a Tokyo-based developer advocate on Google’s Cloud Platform team. Ian has held various developer and operations roles throughout his career and enjoys working in environments with diverse ways of thinking. He is passionate about DevOps, SRE, Python, Go, and container orchestration. When he’s not writing controllers and operators in Go, he runs the Kubernetes meetup in Tokyo and blogs about Kubernetes and containers.
©2018, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org