Security Considerations for Containerized Applications
Neependra Khare, CloudYuga (@neependra)
About Me - Neependra Khare
● Founder and Principal Consultant at CloudYuga
● Authored Introduction to Kubernetes MOOC on Edx for the CNCF, which is
taken by more than 63,000 people worldwide
● CNCF Ambassador
● Certified Kubernetes Administrator
● More than 15 years of IT experience
● Authored Docker Cookbook ISBN: 9781783984862 in 2015
● Ran Docker Meetup in Bangalore for more than 5 years
[Diagram: an Application Container Image is built in layers, Base Container Image -> Runtime/Libraries -> Application; an Application Container is that image running on a Host under a Container Runtime.]
[Diagram: Container Orchestration. A Container Orchestrator (K8s) schedules Containers across several Hosts, each with its own Container Runtime.]
Security Considerations for Application Images
● Image Scanning (find known-vulnerable packages in every layer: base image, runtime/libraries and application)
● Image Signing (verify that the image being run is the one that was built)
● Audit and Compliance
[Diagram: Base Container Image -> Runtime/Libraries -> Application]
Keep the Image Size Minimal
A smaller base image carries fewer packages, so fewer vulnerabilities to scan for and patch. The same application built on two bases:

FROM node:10             # Debian-based image      -> 673MB
# FROM node:10-alpine    # Alpine-based image      -> 70.6MB
EXPOSE 8080
COPY server.js .
CMD ["node", "server.js"]   # exec form: node is PID 1 and receives signals directly

REPOSITORY   TAG              IMAGE ID       CREATED          SIZE
node-app     node-10          fcd053e2141e   11 minutes ago   673MB
node-app     node-10-alpine   b93e5ada9a6f   11 minutes ago   70.6MB
Run the Program as a Non-root User
FROM python:3.7-alpine
# Dedicated system group and user for the application (-S: no password, no login shell)
RUN addgroup -S apprunner && adduser -G apprunner -S apprunner
# COPY always runs as root regardless of USER, so the code is root-owned and
# read-only for apprunner: the application cannot rewrite its own source.
COPY . /opt/app
WORKDIR /opt/app
# Everything from here on, including pip and the final process, runs as apprunner
USER apprunner
# --user installs into /home/apprunner/.local, the only place apprunner may write
RUN pip install --no-cache-dir --user -r requirements.txt
EXPOSE 8080
ENTRYPOINT ["python", "hello.py"]
Run as Non-root (Pod securityContext)
apiVersion: v1
kind: Pod
metadata:
  name: security-context-uid
spec:
  securityContext:          # pod level: applies to every container in the Pod
    runAsUser: 1000         # overrides any USER set in the image
    runAsGroup: 1000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-userid
    image: gcr.io/google-samples/node-hello:1.0
Mount the Root File System Read-Only
apiVersion: v1
kind: Pod
metadata:
  name: security-context-read-only-fs
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-userid
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      readOnlyRootFilesystem: true   # code execution inside the container cannot drop files or alter binaries on /
    volumeMounts:                    # the declared emptyDir is the process's only writable location
    - name: sec-ctx-vol
      mountPath: /tmp
Avoid Privilege Escalation
apiVersion: v1
kind: Pod
metadata:
  name: no-privilege-escalation-container
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: sec-ctx-privilege-container
    image: busybox:1.29
    command: ['sh', '-c', 'sleep 300']
    securityContext:
      # sets the no_new_privs flag: setuid binaries (su, sudo) and file
      # capabilities cannot give the process more privilege than it started with
      allowPrivilegeEscalation: false
Linux Capabilities
"Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled." (capabilities(7))
CAP_CHOWN      Make arbitrary changes to file UIDs and GIDs
CAP_NET_RAW    Use RAW and PACKET sockets; bind to any address for transparent proxying
…
A container runtime starts containers with a default capability set (Docker's includes both CAP_CHOWN and CAP_NET_RAW), so a process that does not need them keeps them unless they are dropped explicitly.
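The controls from the last five slides (non-root UID, read-only root file system, no privilege escalation, minimal capabilities) are normally applied together. The manifest below is an added example, not a slide from the deck; it reuses the node-hello sample image and assumes the application listens on 8080 and needs no capability at all.

```yaml
# Added example (not from the deck): one Pod combining the controls discussed above.
# The image and port are the deck's sample app; the capability list is an assumption.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-node-hello
spec:
  automountServiceAccountToken: false   # no API token in the container unless the app needs the API
  securityContext:
    runAsNonRoot: true                  # kubelet refuses to start a container that would run as UID 0
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000                       # mounted volumes are group-owned by 1000 and writable
    seccompProfile:
      type: RuntimeDefault              # the runtime's default syscall allow-list
  containers:
  - name: app
    image: gcr.io/google-samples/node-hello:1.0
    ports:
    - containerPort: 8080
    securityContext:
      allowPrivilegeEscalation: false   # no_new_privs: setuid/file-capability binaries cannot raise privilege
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]                   # start from zero and add back only what is proven necessary
        # add: ["NET_BIND_SERVICE"]     # only if the process had to bind a port below 1024
    volumeMounts:
    - name: tmp
      mountPath: /tmp                   # writable scratch space, because / is read-only
  volumes:
  - name: tmp
    emptyDir: {}
```

A quick way to see the effect of the drop: `kubectl exec hardened-node-hello -- cat /proc/1/status | grep Cap` shows all-zero CapEff/CapPrm/CapBnd masks, whereas a container started with the runtime defaults shows the default set. The pod-level `runAsNonRoot: true` is the guard that matters when someone later removes `runAsUser` and the image happens to default to root.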
Partition with Namespaces
[Diagram: one Kubernetes Cluster split into Namespace QA (Pod A, Pod B, Pod C behind SVC QA) and Namespace PROD (Pod A, Pod B, Pod C behind SVC PROD).]
A namespace scopes names, RBAC grants and resource quotas; it is not a network boundary by itself. Without a NetworkPolicy, a pod in QA can reach a pod in PROD directly by IP or by service DNS name.
Control Pod-to-Pod Communication via Network Policies
[Diagram: Kubernetes Cluster with Namespace default and Namespace prod. Pods: Pod A (app=cache), Pod B (app=back), Pod X (app=front). Policy on Pod A: allow ingress only when the source pod has app == back and is in namespace default; traffic from Pod X (app=front) is denied.]
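The diagram's rule written out as Kubernetes objects. This is an added example, not part of the deck: it assumes the cache runs in the `prod` namespace, the backend in `default`, that the cache listens on TCP 6379, and that the cluster is on Kubernetes 1.22 or later, where every namespace automatically carries the `kubernetes.io/metadata.name` label used to select it.

```yaml
# Added example (not from the deck). Namespaces, labels and the port 6379 are assumptions
# taken from the diagram; kubernetes.io/metadata.name is set by Kubernetes 1.22+.
#
# Policy 1: deny all ingress to every pod in prod. An empty podSelector selects every
# pod in the namespace; listing Ingress with no rules means nothing is allowed in.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: prod
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
---
# Policy 2: the cache may be reached only by app=back pods living in namespace default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: cache-allow-from-back
  namespace: prod
spec:
  podSelector:
    matchLabels:
      app: cache
  policyTypes: ["Ingress"]
  ingress:
  - from:
    # namespaceSelector and podSelector inside ONE list item are ANDed:
    # "pods labelled app=back that are in namespace default".
    # Written as two items ("- namespaceSelector:" then "- podSelector:") they are
    # ORed, which would admit every pod in default regardless of label, plus any
    # app=back pod in prod itself. That indentation slip is the classic mistake.
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: default
      podSelector:
        matchLabels:
          app: back
    ports:
    - protocol: TCP
      port: 6379
```

Two caveats when applying this: policies are additive, so the deny-all and the allow rule combine to "only app=back from default", and the objects are accepted by the API server even when the CNI plugin does not enforce NetworkPolicy, in which case they silently do nothing. Test with a throwaway pod (`kubectl run -n default probe --labels app=front --image=busybox -- sleep 3600`, then `nc -zv <cache-ip> 6379` from inside it) and confirm the connection is refused while an `app=back` pod succeeds.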
Authentication and Authorization
Every request to the Kubernetes API Server passes through three stages before it touches K8s objects:
● Authentication: who is the caller, and may they connect to the cluster at all? Kubernetes Users are either Normal Users (managed outside the cluster, e.g. client certificates or an OIDC provider) or Service Accounts (Kubernetes objects, used by workloads).
● Authorization: may this identity perform the requested action on this resource? With RBAC this is decided by Roles and RoleBindings.
● Admission Control: is the request valid and policy-compliant? Admission controllers can mutate or reject requests that create, modify or delete objects; read requests skip this stage.
Role Based Access Control (RBAC) - Roles
Role: applicable to a given namespace only.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: cloudyuga
  name: deployment-manager
rules:
- apiGroups: ["", "apps"]          # "" is the core group (pods); "apps" holds deployments and replicasets
  resources: ["deployments", "replicasets", "pods"]
  verbs: ["get", "list", "watch", "create", "update"]

ClusterRole: applicable cluster wide.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: deployment-manager-cluster
rules:
- apiGroups: ["", "apps"]
  resources: ["deployments", "replicasets", "pods"]
  verbs: ["get", "list", "watch", "create", "update"]

Note that "create" on pods is a powerful verb: whoever holds it can start any image under any service account of that namespace, and so inherits those service accounts' permissions.
Role Based Access Control (RBAC) - Role Bindings
A binding attaches a role to subjects (Normal Users, Service Accounts, Groups):
● RoleBinding: applicable to a given namespace only. Its roleRef may point at a Role or at a ClusterRole; either way the grant is limited to the binding's namespace.
● ClusterRoleBinding: applicable cluster wide. Its roleRef must be a ClusterRole.
Role Based Access Control (RBAC) - Role Bindings
RoleBinding
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: deployment-manager-binding
  namespace: cloudyuga
subjects:
- kind: User                       # a Normal User is not a Kubernetes object, so no namespace field
  name: nkhare
  apiGroup: "rbac.authorization.k8s.io"
roleRef:                           # immutable after creation; change the role, not the ref
  kind: Role
  name: deployment-manager
  apiGroup: "rbac.authorization.k8s.io"

ClusterRoleBinding
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cluster-manager-binding
subjects:
- kind: User
  name: nkhare
  apiGroup: "rbac.authorization.k8s.io"
roleRef:
  kind: ClusterRole
  name: deployment-manager-cluster
  apiGroup: "rbac.authorization.k8s.io"
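The combination the slides do not show, but which is usually the least-privilege answer, is a RoleBinding whose roleRef is a ClusterRole: the role is defined once for the whole cluster, but each binding grants it in one namespace only. The manifest below is an added example rather than a slide from the deck; it reuses the `deployment-manager-cluster` ClusterRole above and assumes a `qa` namespace and a `ci-deployer` service account in it.

```yaml
# Added example (not from the deck): a namespaced grant of a cluster-wide role definition.
# The qa namespace and the ci-deployer service account are assumptions.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: deployment-manager-qa-binding
  namespace: qa                      # the grant applies in qa and nowhere else
subjects:
- kind: User
  name: nkhare
  apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount               # a workload identity, e.g. the CI runner that deploys to qa
  name: ci-deployer
  namespace: qa
roleRef:
  kind: ClusterRole                  # definition is cluster-wide ...
  name: deployment-manager-cluster   # ... but the RoleBinding confines it to metadata.namespace
  apiGroup: rbac.authorization.k8s.io
```

Verify the scope with impersonation: `kubectl auth can-i create deployments -n qa --as nkhare` answers yes, while the same command with `-n prod` answers no. For the service account use `--as system:serviceaccount:qa:ci-deployer`. Running `kubectl auth can-i --list -n qa --as nkhare` before and after the change is a cheap way to review what a subject actually holds.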
Auditing
The Kubernetes audit log (API group audit.k8s.io) records each request handled by the API server and helps answer the following questions:
● what happened?
● when did it happen?
● who initiated it?
● on what did it happen?
● where was it observed?
● from where was it initiated?
● to where was it going?
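Which of those questions the log can actually answer depends on the audit policy handed to the API server with `--audit-policy-file`. The policy below is an added example, not part of the deck; the resource groups and rule order are mine, chosen so that secrets are logged by name but never by content.

```yaml
# Added example (not from the deck): an API-server audit policy.
# Rules are evaluated top to bottom and the first match wins, so specific rules go first.
apiVersion: audit.k8s.io/v1
kind: Policy
# Skip the RequestReceived stage; ResponseComplete carries the same data plus the outcome.
omitStages: ["RequestReceived"]
rules:
# Secrets and tokens: record who touched which object (Metadata) but never the
# request or response body, which would copy the secret values into the audit log.
- level: Metadata
  resources:
  - group: ""
    resources: ["secrets", "configmaps", "serviceaccounts/token"]
# RBAC changes: keep the full object so a new binding can be reconstructed from the log.
- level: RequestResponse
  resources:
  - group: "rbac.authorization.k8s.io"
    resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"]
# Interactive access to containers: log the request (who, which pod, which command).
- level: Request
  resources:
  - group: ""
    resources: ["pods/exec", "pods/attach", "pods/portforward"]
# Noise from system components watching endpoints and services.
- level: None
  users: ["system:kube-proxy"]
  verbs: ["watch"]
  resources:
  - group: ""
    resources: ["endpoints", "services"]
# Health and version probes carry no security signal.
- level: None
  nonResourceURLs: ["/healthz*", "/readyz*", "/livez*", "/version"]
# Everything else: who did what, when, from which address, with what result.
- level: Metadata
```

Each event carries `user`, `sourceIPs`, `userAgent`, `objectRef`, `verb`, `requestReceivedTimestamp` and `responseStatus`, which map directly onto the seven questions above. Pair the policy with `--audit-log-path` (or a webhook backend) and ship the file off the control-plane node, otherwise an attacker with node access can edit the record of their own actions.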
Secret Management
Secrets carry credentials such as passwords and TLS certificates into pods, separately from the image and the pod spec.
Types of Secrets
● Generic (type Opaque)
● TLS (type kubernetes.io/tls, with keys tls.crt and tls.key)
● Docker Registry (type kubernetes.io/dockerconfigjson, with key .dockerconfigjson)
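How a pod should consume one of these: as files in a read-only volume rather than as environment variables, which leak through `kubectl describe pod`, child processes and crash dumps. The manifest below is an added example, not from the deck; the secret name, keys, values, image and service account are made up.

```yaml
# Added example (not from the deck). Names, keys, values and image are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: prod
type: Opaque                 # the "generic" type; kubernetes.io/tls and
                             # kubernetes.io/dockerconfigjson are the other two
stringData:                  # plain text on input; stored base64-encoded under .data
  username: app
  password: example-only-rotate-me
---
apiVersion: v1
kind: Pod
metadata:
  name: db-client
  namespace: prod
spec:
  serviceAccountName: db-client          # give RBAC "get" on this one Secret to this account only
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 1000                        # secret files become group 1000 so UID 1000 can read them
  containers:
  - name: client
    image: registry.example.com/db-client:1.0   # assumed image
    volumeMounts:
    - name: creds
      mountPath: /run/secrets/db         # files: /run/secrets/db/username and /run/secrets/db/password
      readOnly: true
  volumes:
  - name: creds
    secret:
      secretName: db-credentials
      defaultMode: 0440                  # owner and group read only
```

Two caveats a practitioner would add: base64 is encoding, not encryption, so anyone with `get secrets` in the namespace (or read access to etcd) sees the values, which is why the RBAC grant above is scoped to one service account and why encryption at rest via an `EncryptionConfiguration` on the API server belongs in the same design. Files mounted from a secret volume are also updated in place when the Secret changes, so rotation needs no pod restart if the application re-reads them.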
Benchmarks
Center for Internet Security (CIS) Benchmarks: CIS publishes hardening benchmarks for both Docker and Kubernetes that cover the host, runtime, control-plane and pod-level settings discussed above.
Thank You!!
@neependra
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Baileyhlharris
 
Causes of poverty in France presentation.pptx
Causes of poverty in France presentation.pptxCauses of poverty in France presentation.pptx
Causes of poverty in France presentation.pptxCamilleBoulbin1
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaKayode Fayemi
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedDelhi Call girls
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Delhi Call girls
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lodhisaajjda
 
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...Pooja Nehwal
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsaqsarehman5055
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfSenaatti-kiinteistöt
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardsticksaastr
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatmentnswingard
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoKayode Fayemi
 

Último (20)

AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Causes of poverty in France presentation.pptx
Causes of poverty in France presentation.pptxCauses of poverty in France presentation.pptx
Causes of poverty in France presentation.pptx
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 

Security considerations while deploying Containerized Applications by Neependra Khare at #AgileIndia2019

2. About Me - Neependra Khare
● Founder and Principal Consultant at CloudYuga
● Authored Introduction to Kubernetes MOOC on Edx for the CNCF, which is taken by more than 63,000 people worldwide
● CNCF Ambassador
● Certified Kubernetes Administrator
● More than 15 years of IT experience
● Authored Docker Cookbook ISBN: 9781783984862 in 2015
● Ran Docker Meetup in Bangalore for more than 5 years

3. Application Container Image
(diagram: an image is layered, bottom to top, as Base Container Image, Runtime/Libraries, Application)

4. Application Container
(diagram: the same image layers run as a Container on top of a Container Runtime on a Host)

5. Container Orchestration
(diagram: several Hosts, each with a Container Runtime and Containers, managed by a Container Orchestrator - K8s)

6. Security Considerations for Application Images
● Image Scanning
● Image Signing
● Audit and Compliance
(diagram: Base Container Image, Runtime/Libraries, Application)

7. Keep the Image Size Minimal
FROM node:10/node:10-alpine
EXPOSE 8080
COPY server.js .
CMD node server.js

REPOSITORY   TAG              IMAGE ID       CREATED          SIZE
node-app     node-10          fcd053e2141e   11 minutes ago   673MB
node-app     node-10-alpine   b93e5ada9a6f   11 minutes ago   70.6MB

8. Run Program as Non-root User
FROM python:3.7-alpine
RUN addgroup -S apprunner
RUN adduser -G apprunner -S apprunner
USER apprunner
COPY . /opt/app
WORKDIR /opt/app
RUN pip install -r requirements.txt --user
EXPOSE 8080
ENTRYPOINT ["python", "hello.py"]

9. Run as Non-root
apiVersion: v1
kind: Pod
metadata:
  name: security-context-uid
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-userid
    image: gcr.io/google-samples/node-hello:1.0

10. Mount the File System Read-Only
apiVersion: v1
kind: Pod
metadata:
  name: security-context-read-only-fs
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-userid
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      readOnlyRootFilesystem: true

11. Avoid Privilege Escalation
apiVersion: v1
kind: Pod
metadata:
  name: no-privilege-escalation-container
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: sec-ctx-privilege-container
    image: busybox:1.29
    command: ['sh', '-c', 'sleep 300']
    securityContext:
      allowPrivilegeEscalation: false

12. Linux Capabilities
"Linux divides the superuser privileges into distinct units, which we refer to as capabilities."
CAP_CHOWN: make arbitrary changes to file UIDs and GIDs
CAP_NET_RAW: use RAW and PACKET sockets; bind to any address for transparent proxying
...
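The checks from slides 8 to 12 (non-root user, read-only root filesystem, no privilege escalation, CAP_NET_RAW dropped) applied to a Pod manifest, as an added example that is not part of the deck. Manifests are Python dicts in the shape yaml.safe_load returns, and the three sample Pods are constructed (the first mirrors slide 10).

```python
# Added example: evaluate the pod-hardening rules of slides 8-12 offline.
# Sample manifests are constructed; SLIDE10_POD mirrors the deck's slide 10.

SLIDE10_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "security-context-read-only-fs"},
    "spec": {"securityContext": {"runAsUser": 1000, "runAsGroup": 1000},
             "containers": [{"name": "sec-ctx-userid",
                             "image": "gcr.io/google-samples/node-hello:1.0",
                             "securityContext": {"readOnlyRootFilesystem": True}}]}}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "hardened"},
    "spec": {"containers": [{"name": "app", "image": "busybox:1.29",
                             "securityContext": {"runAsUser": 1000, "runAsNonRoot": True,
                                                 "readOnlyRootFilesystem": True,
                                                 "allowPrivilegeEscalation": False,
                                                 "capabilities": {"drop": ["ALL"]}}}]}}

DEFAULT_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "defaults"},
               "spec": {"containers": [{"name": "app", "image": "busybox:1.29"}]}}

def effective(container, pod_sc, key):
    """runAsUser/runAsNonRoot may be set on the pod or the container; container wins."""
    csc = container.get("securityContext") or {}
    return csc[key] if key in csc else pod_sc.get(key)

def check_pod(pod):
    """Return (container name, finding) pairs; an empty list means every rule passed."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("containers", []):
        name, csc = c["name"], c.get("securityContext") or {}
        uid = effective(c, pod_sc, "runAsUser")
        if uid == 0:
            findings.append((name, "runAsUser is 0: runs as root"))
        elif uid is None and not effective(c, pod_sc, "runAsNonRoot"):
            findings.append((name, "no runAsUser/runAsNonRoot: may run as root"))
        # readOnlyRootFilesystem and allowPrivilegeEscalation exist only per container
        if csc.get("readOnlyRootFilesystem") is not True:
            findings.append((name, "readOnlyRootFilesystem is not true"))
        if csc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation is not false"))
        dropped = {x.upper() for x in (csc.get("capabilities") or {}).get("drop", [])}
        if "ALL" not in dropped and "NET_RAW" not in dropped:
            findings.append((name, "CAP_NET_RAW (slide 12) not dropped"))
    return findings

if __name__ == "__main__":
    for p in (SLIDE10_POD, HARDENED_POD, DEFAULT_POD):
        print(p["metadata"]["name"], check_pod(p) or "OK")
```

The slide-10 Pod passes the non-root and read-only checks but still lacks the slide-11 and slide-12 settings, which is exactly what the checker reports.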
13. Partition with Namespaces
(diagram: a Kubernetes Cluster split into Namespace QA and Namespace PROD; each holds its own Pod A, Pod B, Pod C and a service, SVC QA and SVC PROD respectively)

14-15. Control Pod-to-Pod Communication via Network Policies
(diagram: a Kubernetes Cluster where Namespace default holds Pod A (app=cache) and Pod B (app=back), and Namespace prod holds Pod X (app=front))
Allow traffic to Pod A when: app == back and namespace == default
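The policy drawn on slides 14 and 15, evaluated against pod-to-pod ingress requests, as an added example that is not part of the deck. The NetworkPolicy object and the pods are constructed dicts so this runs offline; it follows the Kubernetes semantics for matchLabels, for "no policy selects the pod means allow", and for a `from` entry with only a podSelector being limited to the policy's own namespace.

```python
# Added example: who may reach Pod A (app=cache, namespace default) under the
# slide 14-15 policy. Objects are constructed dicts, the shape yaml.safe_load returns.

CACHE_POLICY = {  # ingress to app=cache in namespace default only from app=back
    "kind": "NetworkPolicy",
    "metadata": {"name": "cache-from-back", "namespace": "default"},
    "spec": {"podSelector": {"matchLabels": {"app": "cache"}},
             "policyTypes": ["Ingress"],
             "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "back"}}}]}]}}

def selects(selector, labels):
    """matchLabels semantics: every key/value must match; an empty selector matches all."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())

def peer_matches(peer, policy_ns, src):
    """A `from` entry: podSelector alone is namespace-local; namespaceSelector widens it."""
    ns_sel = peer.get("namespaceSelector")
    if ns_sel is None:
        ns_ok = src["namespace"] == policy_ns
    else:
        ns_ok = selects(ns_sel, src.get("ns_labels", {}))
    pod_sel = peer.get("podSelector")
    return ns_ok and (pod_sel is None or selects(pod_sel, src["labels"]))

def ingress_allowed(policies, src, dst):
    """src/dst: {'namespace': ..., 'labels': {...}}. True if src may reach dst."""
    applicable = [p for p in policies
                  if p["metadata"]["namespace"] == dst["namespace"]
                  and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
                  and selects(p["spec"]["podSelector"], dst["labels"])]
    if not applicable:
        return True  # no policy selects the destination: Kubernetes allows everything
    for p in applicable:
        for rule in p["spec"].get("ingress", []):
            peers = rule.get("from")
            if not peers:
                return True  # a rule without `from` admits every source
            if any(peer_matches(peer, p["metadata"]["namespace"], src) for peer in peers):
                return True
    return False  # selected by a policy but matched by no rule: traffic is dropped

def pod(namespace, app):
    return {"namespace": namespace, "labels": {"app": app}}

if __name__ == "__main__":
    cache = pod("default", "cache")
    for src in (pod("default", "back"), pod("prod", "front"), pod("default", "front")):
        print(src, "->", cache, ingress_allowed([CACHE_POLICY], src, cache))
```

Note that Pod B (app=back) is selected by no policy, so it remains reachable from the prod namespace; each workload needs its own policy to be isolated.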
16. Authentication and Authorization
Authentication: Can a user log in to the cluster?
Authorization: Can the user perform the requested action?
Admission Control: Is it a valid request?
(diagram: a request passes through these three stages before it reaches the K8s objects)

17. Kubernetes Users
(diagram: Normal Users and Service Accounts talk to the Kubernetes API Server; what they may do is defined by Roles and RoleBindings)

18. Role Based Access Control (RBAC) - Roles
Role: "Applicable to a given namespace only."
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: cloudyuga
  name: deployment-manager
rules:
- apiGroups: ["", "apps"]
  resources: ["deployments", "replicasets", "pods"]
  verbs: ["get", "list", "watch", "create", "update"]

ClusterRole: "Applicable cluster wide."
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: deployment-manager-cluster
rules:
- apiGroups: ["", "apps"]
  resources: ["deployments", "replicasets", "pods"]
  verbs: ["get", "list", "watch", "create", "update"]

19. Role Based Access Control (RBAC) - Role Bindings
RoleBinding: "Applicable to a given namespace only." Binds a Role to subjects: Normal Users, Service Accounts, Groups.
ClusterRoleBinding: "Applicable cluster wide." Binds a ClusterRole to subjects: Normal Users, Service Accounts, Groups.

20. Role Based Access Control (RBAC) - Role Bindings
RoleBinding
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: deployment-manager-binding
  namespace: cloudyuga
subjects:
- kind: User
  name: nkhare
  apiGroup: "rbac.authorization.k8s.io"
roleRef:
  kind: Role
  name: deployment-manager
  apiGroup: "rbac.authorization.k8s.io"

ClusterRoleBinding
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cluster-manager-binding
subjects:
- kind: User
  name: nkhare
  apiGroup: "rbac.authorization.k8s.io"
roleRef:
  kind: ClusterRole
  name: deployment-manager-cluster
  apiGroup: "rbac.authorization.k8s.io"
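A simplified evaluator for the Role, ClusterRole, RoleBinding and ClusterRoleBinding objects of slides 18 to 20, as an added example that is not part of the deck and not the API server's own authorizer. It shows that the RoleBinding grants nkhare rights only inside cloudyuga while the ClusterRoleBinding grants them in every namespace; the objects are dicts in the shape yaml.safe_load returns, with the apiGroup fields of subjects and roleRef omitted.

```python
# Added example: evaluate the slide 18-20 RBAC objects offline.
# Objects are constructed dicts mirroring the deck; apiGroup fields are omitted.

def rule_set(name, kind, namespace=None):
    """Build the Role/ClusterRole from slide 18 (same rules, different scope)."""
    obj = {"kind": kind, "metadata": {"name": name},
           "rules": [{"apiGroups": ["", "apps"],
                      "resources": ["deployments", "replicasets", "pods"],
                      "verbs": ["get", "list", "watch", "create", "update"]}]}
    if namespace:
        obj["metadata"]["namespace"] = namespace
    return obj

ROLE = rule_set("deployment-manager", "Role", "cloudyuga")
CLUSTER_ROLE = rule_set("deployment-manager-cluster", "ClusterRole")
ROLE_BINDING = {"kind": "RoleBinding",
                "metadata": {"name": "deployment-manager-binding", "namespace": "cloudyuga"},
                "subjects": [{"kind": "User", "name": "nkhare"}],
                "roleRef": {"kind": "Role", "name": "deployment-manager"}}
CLUSTER_ROLE_BINDING = {"kind": "ClusterRoleBinding",
                        "metadata": {"name": "cluster-manager-binding"},
                        "subjects": [{"kind": "User", "name": "nkhare"}],
                        "roleRef": {"kind": "ClusterRole", "name": "deployment-manager-cluster"}}

def rule_allows(rule, verb, api_group, resource):
    """A rule matches when verb, apiGroup and resource are each listed (or '*')."""
    def listed(field, value):
        return "*" in rule.get(field, []) or value in rule.get(field, [])
    return listed("verbs", verb) and listed("apiGroups", api_group) and listed("resources", resource)

def can(user, verb, resource, namespace, roles, bindings, api_group="apps"):
    """True if some binding for `user` references a role whose rules allow the request."""
    for b in bindings:
        if not any(s["kind"] == "User" and s["name"] == user for s in b["subjects"]):
            continue
        ref = b["roleRef"]
        if b["kind"] == "RoleBinding":
            if b["metadata"]["namespace"] != namespace:
                continue  # a RoleBinding never grants outside its own namespace
            role_ns = namespace if ref["kind"] == "Role" else None  # Role or ClusterRole
        else:
            role_ns = None  # ClusterRoleBinding: every namespace, must reference a ClusterRole
        for r in roles:
            if (r["kind"] == ref["kind"] and r["metadata"]["name"] == ref["name"]
                    and r["metadata"].get("namespace") == role_ns
                    and any(rule_allows(x, verb, api_group, resource) for x in r["rules"])):
                return True
    return False

if __name__ == "__main__":
    for ns in ("cloudyuga", "prod"):
        print(ns, can("nkhare", "create", "deployments", ns, [ROLE, CLUSTER_ROLE], [ROLE_BINDING]))
```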
21. Auditing
"The Kubernetes audit.k8s.io API Group helps us answer the following questions:"
● what happened?
● when did it happen?
● who initiated it?
● on what did it happen?
● where was it observed?
● from where was it initiated?
● to where was it going?

22. Secret Management
"Secrets are used for passing credentials like passwords and TLS certificates."
Types of Secrets
● Generic
● TLS
● Docker Registry

23. Benchmarks
Center for Internet Security (CIS) Benchmarks