CNCF [Cloud Native Computing Foundation]

Isolate the Users! Supporting User Namespaces in K8s for Increased Security

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore user namespaces in Kubernetes for enhanced security in this conference talk. Learn about the risks of running processes as root inside containers and discover how Linux's user namespaces can mitigate these risks by isolating user and group IDs. Delve into the ongoing efforts to implement user namespace support in Kubernetes, including the Kubernetes Enhancement Proposal (KEP-127) and prototype implementations. Understand the challenges faced, particularly with volumes, and examine potential solutions like shiftfs and idmapped mounts. Gain insights into ID mapping modes and how they compare, and see a demonstration of the concept in action. Discover the next steps in bringing this crucial security feature to Kubernetes clusters.

Syllabus

Introduction
The Problem
Mitigations
What are user namespaces
ID mapping
Isolate capability
Example
History
Challenges
Solution
ID Mapping Modes
Comparison
Demonstration
Next steps

Taught by

CNCF [Cloud Native Computing Foundation]
