CNCF [Cloud Native Computing Foundation]

Least Privilege Containers: Keeping a Bad Day from Getting Worse

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore strategies for implementing least privilege containers in Kubernetes environments through this 31-minute conference talk by Greg Castle and Vinayak Goyal from Google. Gain insights into the importance of running containers without root privileges and learn practical approaches to de-privileging production containers. Discover techniques for converting root-running containers to unprivileged users, implementing minimal distroless images, and addressing challenges that arise during the process. Examine real-world examples of container redesign to segment powerful permissions and utilize initContainers. Understand how to establish checks to prevent future privileged containers and delve into topics such as capabilities, Kubernetes Linux username sources, and crucial design decisions for maintaining a secure container ecosystem.

Syllabus

Introduction
Why Care
What is Nonroot
Demo
Migrating Containers
Design Choices
Challenges
Capabilities
Kubernetes Linux Username Source
Design Decisions

Taught by

CNCF [Cloud Native Computing Foundation]
