Sign up to save your podcasts
Or
Share Security: Hosts, Registries, Content and Pipelines
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Security: Hosts, Registries, Content and Pipelines
Show: 14
Show Overview: Brian and Tyler talk address some of the many layers of security required in a container environment. This show will be part of a series on container and Kubernetes security. They look at security requirement in the Container Host, Container Content, Container Registry, and Software Build Processes.
Show Notes and News:
- 10 Layers of Container Security
- Google, VMware and Pivotal announced a Hybrid Cloud partnership with Kubernetes
- Google and Cisco announced a Hybrid Cloud partnership with Kubernetes (and more)
- Docker adds support for Kubernetes to DockerEE
- Rancher makes Kubernetes the primary orchestrator
- Microsoft announces new Azure Container Service, AKS
- Oracle announced Kubernetes on Oracle Linux (and some installers)
- Heptio announces new tools
Topic 1 - Let’s start at the bottom of the stack with the security needed on a container host.
- Linux namespaces - isolation
- Linux capabilities and SECCOMP - restrict routes, ports, limiting process calls
- SELinux (or AppArmor) - mandatory access controls
- cGroups - resource management
Topic 2 - Next in the stack, or outside the stack, is the sources of container content.
- Trusted sources (known registries vs. public registries (e.g. DockerHub)
- Scanning the content of containers
- Managing the versions, patches of container content
Topic 3 - Once we have the content (applications), we need a secure place to store and access it - container registries.
- Making a registry highly-available
- Who manages and audits the registry?
- How to scan container within a container?
- How to cryptographically sign images?
- Identifying known registries
- Process for managing the content in a registry (tagging, versioning/naming, etc)
- Automated policies (patch management, getting new content, etc.)
Topic 4 - Once we have secure content (building blocks) and a secure place to store the container images, we need to think about a secure supply chain of the software - the build process.
- Does a platform require containers, or can it accept code? Can it manage secure builds?
- How to build automated triggers for builds? How to audit those triggers (webhooks, etc.)?
- How to validate / scan / test code at different stages of a pipeline? (static analysis, dynamic analysis, etc.)
- How to promote images to a platform? (automated, manual promotion, etc.)
Feedback?
- Email: PodCTL at gmail dot com
- Twitter: @PodCTL
- Web: http://podctl.com
View all episodes
By Red Hat OpenShift
4.6
7575 ratings
Show: 14
Show Overview: Brian and Tyler talk address some of the many layers of security required in a container environment. This show will be part of a series on container and Kubernetes security. They look at security requirement in the Container Host, Container Content, Container Registry, and Software Build Processes.
Show Notes and News:
- 10 Layers of Container Security
- Google, VMware and Pivotal announced a Hybrid Cloud partnership with Kubernetes
- Google and Cisco announced a Hybrid Cloud partnership with Kubernetes (and more)
- Docker adds support for Kubernetes to DockerEE
- Rancher makes Kubernetes the primary orchestrator
- Microsoft announces new Azure Container Service, AKS
- Oracle announced Kubernetes on Oracle Linux (and some installers)
- Heptio announces new tools
Topic 1 - Let’s start at the bottom of the stack with the security needed on a container host.
- Linux namespaces - isolation
- Linux capabilities and SECCOMP - restrict routes, ports, limiting process calls
- SELinux (or AppArmor) - mandatory access controls
- cGroups - resource management
Topic 2 - Next in the stack, or outside the stack, is the sources of container content.
- Trusted sources (known registries vs. public registries (e.g. DockerHub)
- Scanning the content of containers
- Managing the versions, patches of container content
Topic 3 - Once we have the content (applications), we need a secure place to store and access it - container registries.
- Making a registry highly-available
- Who manages and audits the registry?
- How to scan container within a container?
- How to cryptographically sign images?
- Identifying known registries
- Process for managing the content in a registry (tagging, versioning/naming, etc)
- Automated policies (patch management, getting new content, etc.)
Topic 4 - Once we have secure content (building blocks) and a secure place to store the container images, we need to think about a secure supply chain of the software - the build process.
- Does a platform require containers, or can it accept code? Can it manage secure builds?
- How to build automated triggers for builds? How to audit those triggers (webhooks, etc.)?
- How to validate / scan / test code at different stages of a pipeline? (static analysis, dynamic analysis, etc.)
- How to promote images to a platform? (automated, manual promotion, etc.)
Feedback?
- Email: PodCTL at gmail dot com
- Twitter: @PodCTL
- Web: http://podctl.com
More shows like PodCTL - Enterprise Kubernetes
View all
LINUX Unplugged
263 Listeners
CyberWire Daily
1,011 Listeners
Crime Junkie
364,613 Listeners
Kubernetes Podcast from Google
182 Listeners
B2B Tech Talk with Ingram Micro
20 Listeners
Kubernetes Notes
4 Listeners
Kubernetes Unpacked
11 Listeners