Least Privilege Containers: Keeping a Bad Day from Getting Worse
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore strategies for implementing least privilege containers in Kubernetes environments through this 31-minute conference talk by Greg Castle and Vinayak Goyal from Google. Gain insights into the importance of running containers without root privileges and learn practical approaches to de-privileging production containers. Discover techniques for converting root-running containers to unprivileged users, implementing minimal distroless images, and addressing challenges that arise during the process. Examine real-world examples of container redesign to segment powerful permissions and utilize initContainers. Understand how to establish checks to prevent future privileged containers and delve into topics such as capabilities, Kubernetes Linux username sources, and crucial design decisions for maintaining a secure container ecosystem.
Syllabus
Introduction
Why Care
What is Nonroot
Demo
Migrating Containers
Design Choices
Challenges
Capabilities
Kubernetes Linux Username Source
Design Decisions
Taught by
CNCF [Cloud Native Computing Foundation]