DevOps and Docker Talk: Cloud Native Interviews and Tooling

Securing Containers, First Steps in Docker and Kubernetes

Listen Later

Bret goes through his top recommendations for securing container images, Docker containers and Kubernetes pods.

This is a tip-packed show where Bret lists much of what's documented in his courses, starting with the first steps you should take, and the bare security necessities that everyone should be doing. Then he covers more advanced security activities you should consider once the basics are covered.

Streamed live on YouTube on July 7, 2022.


Unedited live recording of this show on YouTube (Ep #177).


★Topics★
Bret's Container Security AMA
Docker Security Docs
Docker Buys Atomist
Slim.ai website: Auto-slimming images
Docker Slim tool
Kubescape website
Kubernetes Security Context
Seccomp by default
Lint all files with super-linter
Datree K8s file scan
Kubernetes Benchmark
My GitHub Actions examples: Automate your builds, CVE scans, and more
Video on building a more secure base image
Snyk security tools website
Trivy CVE and K8s scans
Falco for watching servers for bad behavior

★Join my Community★
Best coupons for my Docker and Kubernetes courses

Chat with us on our Discord Server Vital DevOps

Homepage bretfisher.com

  • (00:00) - Intro
  • (00:52) - Mid-Roll Intro
  • (00:53) - Bret's Intro
  • (01:46) - Main show
  • (02:45) - What should I worry about first? The Basics!
  • (03:47) - Start with images
  • (04:28) - Bret.show/SecurityFirst
  • (05:04) - CVE scanning
  • (05:36) - Dependency scanning
  • (06:28) - Bret's Github with Dependabot
  • (07:25) - OS dependencies with Trivy and Snyk
  • (09:23) - Bret's Talks
  • (10:17) - Alpine is not always good
  • (11:27) - All hands on automation
  • (12:14) - Don't run as root inside the image
  • (14:04) - Question
  • (15:20) - Making slimmer images
  • (15:52) - Atomist
  • (17:19) - DockerSlim
  • (20:48) - Question
  • (22:21) - Question
  • (24:09) - Question
  • (24:36) - Question
  • (24:45) - Question
  • (25:15) - Securing Docker
  • (25:47) - Docker host scanner
  • (26:28) - Falco
  • (26:55) - Just use Docker
  • (28:28) - Question about Windows Containers
  • (30:19) - Maintain your servers
  • (31:12) - Docker in the cloud
  • (32:29) - Always stay on the latest Kubernetes release
  • (33:33) - Kube-bench
  • (34:22) - Tree.io
  • (35:04) - Pod specs
  • (36:08) - Sec comp
  • (37:33) - Security context
  • (38:57) - Privilege escalation
  • (39:50) - Superlinter
  • (40:54) - Question about Fargate
  • (42:35) - Network policies
  • (44:38) - Kubernetes docs article on security context
  • (45:16) - Question
  • (47:43) - Third-party security monitoring
  • (47:57) - Question about volumes
  • (48:45) - Question about Docker subnets
  • (49:30) - Question about secrets
  • (50:17) - Question about subnets 2
  • (50:48) - Question
  • (53:03) - Outro

    • You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!

    Grab the best coupons for my Docker and Kubernetes courses.
    Join my cloud native DevOps community on Discord.
    Grab some merch at Bret's Loot Box
    Homepage bretfisher.com

    ...more
    View all episodesView all episodes
    Download on the App Store
    DevOps and Docker Talk: Cloud Native Interviews and ToolingBy Bret Fisher
    • 4.6
    • 4.6
    • 4.6
    • 4.6
    • 4.6

    4.6

    53 ratings

    More shows like DevOps and Docker Talk: Cloud Native Interviews and Tooling

    View all
    Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

    Software Engineering Radio - the podcast for professional software developers

    272 Listeners

    .NET Rocks! by Carl Franklin and Richard Campbell

    .NET Rocks!

    244 Listeners

    The Changelog: Software Development, Open Source by Changelog Media

    The Changelog: Software Development, Open Source

    284 Listeners

    The Cloudcast by Massive Studios

    The Cloudcast

    152 Listeners

    LINUX Unplugged by Jupiter Broadcasting

    LINUX Unplugged

    265 Listeners

    Thoughtworks Technology Podcast by Thoughtworks

    Thoughtworks Technology Podcast

    40 Listeners

    Talk Python To Me by Michael Kennedy

    Talk Python To Me

    590 Listeners

    Software Engineering Daily by Software Engineering Daily

    Software Engineering Daily

    621 Listeners

    AWS Podcast by Amazon Web Services

    AWS Podcast

    201 Listeners

    Python Bytes by Michael Kennedy and Brian Okken

    Python Bytes

    215 Listeners

    Data Engineering Podcast by Tobias Macey

    Data Engineering Podcast

    140 Listeners

    Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

    Syntax - Tasty Web Development Treats

    987 Listeners

    Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

    Kubernetes Podcast from Google

    181 Listeners

    The Stack Overflow Podcast by The Stack Overflow Podcast

    The Stack Overflow Podcast

    62 Listeners

    The Real Python Podcast by Real Python

    The Real Python Podcast

    139 Listeners

    Agentic DevOps by Bret Fisher

    Agentic DevOps

    2 Listeners