Overview
Syllabus
Intro
Configuration Vulnerability
Developer Ownership
Security Context
Privileged Pods
Demo
When do we need root containers
Run is nonroot
Resource limitations
CPU throttling
Memory throttling
Next demo
Conclusions
Recap
Conclusion
Secure base
Quality vs quantity
Sneak Infrastructure Demo
Questions
OKD vs Kubernetes
Privilege Run Mode
Code Injection
Privilege vs Root
Demo code
Memory limits
Sample apps
Architecture
Image Root Access
Pod Security Policies
Shifting Security Responsibility
Is it enough
Does a sneak container gathered scan
How to validate Kubernetes
Setting a memory limited model
Taught by
Linux Foundation