Linux Foundation

Securing Pods via Scheduling - Mitigating Risks from Neighboring Containers

Linux Foundation via YouTube

Overview

Explore a conference talk on improving Kubernetes pod security through scheduling. Learn about the vulnerabilities that can arise when neighboring containers share a host kernel and how these can be exploited to compromise security. Discover SySched, a new security-aware pod scheduling scheme for Kubernetes that co-locates pods based on their system call exposure risk. Examine experimental results demonstrating the effectiveness of this approach in reducing the impact of potential kernel attacks. See how the scheduler plugin is implemented in Kubernetes and how to use the Security Profile Operator to generate, store, and manage pod system call profiles. The presentation is aimed at DevOps professionals and security experts looking to strengthen container security in Kubernetes environments.

Syllabus

Don’t Trust Your Neighbors: Securing Pods via Scheduling - Michael Le, IBM & Sascha Grunert, Red Hat

Taught by

Linux Foundation
