Docker and Kubernetes in high security environments

Docker and Kubernetes in high security environments

  • January 29, 2019
Table of Contents

Docker and Kubernetes in high security environments

This is brief summary of parts of my master’s thesis and the conclusions to draw from it. This medium-story focuses on containerized application isolation. The thesis also covers segmentation of cluster networks in Kubernetes which is not discussed in this story.

You can read my full thesis here; it’s available through open access:Container Orchestration in Security Demanding Environments at the Swedish Police Authority.

Source: medium.com

Tags :
Share :
comments powered by Disqus

Related Posts

Moving from Kube2Iam to Kiam

Moving from Kube2Iam to Kiam

At Ibotta, we chose kube2iam to assign AWS IAM Roles to containers running in our Kubernetes cluster. Lately, we’ve run into some issues with it—specifically when running a job that scores all of our service repos. This spins up a number of pods in parallel and has often failed to correctly access roles.

Read More
Kubernetes’ first major security hole discovered

Kubernetes’ first major security hole discovered

Kubernetes has become the most popular cloud container orchestration system by far, so it was only a matter of time until its first major security hole was discovered. And the bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a CVSS 9.8 critical security hole.

Read More
Container Storage Interface (CSI) for Kubernetes GA

Container Storage Interface (CSI) for Kubernetes GA

The Kubernetes implementation of the Container Storage Interface (CSI) has been promoted to GA in the Kubernetes v1.13 release. Support for CSI was introduced as alpha in Kubernetes v1.9 release, and promoted to beta in the Kubernetes v1.10 release. The GA milestone indicates that Kubernetes users may depend on the feature and its API without fear of backwards incompatible changes in future causing regressions.

Read More