Upload File

kubernetes cluster wide security policy configuration

  • Home
  • Technology
  • Kubernetes Cluster Wide Security Policy Configuration
6
Kubernetes Pradipta Banerjee @pradipta_kr www.cloudgeekz.com

Upload: bpradipt

Post on 19-Mar-2017

134 views

Category:

Technology


2 download

Report

TRANSCRIPT

Page 1: Kubernetes Cluster Wide Security Policy Configuration

KubernetesPradipta Banerjee

@pradipta_kr www.cloudgeekz.com

http://www.cloudgeekz.com/
Page 2: Kubernetes Cluster Wide Security Policy Configuration

Kubernetes Components

Page 3: Kubernetes Cluster Wide Security Policy Configuration

Kubernetes Authentication and Authorization

Page 4: Kubernetes Cluster Wide Security Policy Configuration

Container Security Policies

• What ?• Can the container process run as

‘root’ user ?• Can the user run a ‘privileged’

container ?• What ‘capabilities’ should be

allowed for the container ?• …

• How ?• How the cluster admin can enforce

container security ?

• Kubernetes provides Pod Security Policy for enforcing cluster wide security policies.

Page 5: Kubernetes Cluster Wide Security Policy Configuration

Example Policy Don’t allow process(es) inside the container to run as the ‘root’ user

POD should meet the following criteria:• The POD container image(s) should have USER attribute definedOR• The POD YAML file should explicitly specify the non-root USER ID as part of securityContext

noroot.yaml pod.yaml

Page 6: Kubernetes Cluster Wide Security Policy Configuration

References• https://kubernetes.io/docs/user-guide/pod-security-policy/• cloudgeekz.com/1204/docker-cluster-kubernetes-policies.html• https://www.katacoda.com/bpradipt/scenarios/kubernetes-podsecuri

typolicy

https://kubernetes.io/docs/user-guide/pod-security-policy/
https://www.katacoda.com/bpradipt/scenarios/kubernetes-podsecuritypolicy
https://www.katacoda.com/bpradipt/scenarios/kubernetes-podsecuritypolicy
https://www.katacoda.com/bpradipt/scenarios/kubernetes-podsecuritypolicy

Deploying a FHIR server in a Kubernetes cluster...2018/11/15  · Kubernetes and Docker • Kubernetes adds functionality to Docker • Manages a set of Docker hosts forming a Cluster

Create Azure Kubernetes Cluster

Rancher Kubernetes Cluster using CSI Driver for Dell …...including app packaging, CI/CD, logging, monitoring, and service mesh. Solution infrastructure 9 Rancher Kubernetes Cluster

Linux Cluster Configuration

hbaseconasia2017: Building online HBase cluster of Zhihu based on Kubernetes

MCP Standard Configuration - Mirantis€¦ · Large Kubernetes cluster architecture 36 Ceph hardware requirements 38 Ceph cluster considerations 38 Ceph hardware considerations 40

HPE Infra as Code - Programmez!...Jenkins Server. GitHub. Use terraform instructions to deploy: - Kubernetes Cluster in AWS - or Kubernetes Cluster on Premise - or Kubernetes on bare

Kubernetes as an approach for solving bioinformatic problems1145028/... · 2017-09-27 · 5.1 Kubernetes Basics ... Kubernetes is a cluster orchestration tool used to facilitate deployment

SED571 - Kubernetes Cluster Management...wisdom to offer around cluster management, scheduling, orchestration. He's the Kubernetes He's the Kubernetes lead architect today and …

Dear IT...I'd Like A Kubernetes Cluster

TIBCO BusinessEvents Cloud Deployment Guide · TIBCO BusinessEvents on Minikube Based Kubernetes..... 75 Appendix: Sample YAML Files for Kubernetes Cluster..... 76. Sample Kubernetes

DNS Cluster Configuration

Chassis Cluster Configuration

Kubernetes – From the Firehose - webagesolutions.com · Kubernetes can be deployed on a bare-metal cluster (real machines) or on a cluster of virtual machines. 1.2 Container Orchestration

SQL Cluster Configuration for Autodesk Vault Serverunderthehood-autodesk.typepad.com/files/sql-cluster-configuration... · SQL Cluster Configuration for Autodesk Vault Server 2

Datenbank-Cluster und Container - Kubernetes PetSets

Cluster management with Kubernetes

Tectonic Summit 2016: Multi-Cluster Kubernetes: Planning for Unknowns

A Million ways of Deploying a Kubernetes Cluster

vSphere with Kubernetes Configuration and Management ...€¦ · Scale Up and Down an Application 82 ... List of Tanzu Kubernetes Cluster Secrets 127 ... vSphere with Kubernetes on

Chapter 1: Introducing Continuous DeliveryService Kubernetes cluster Service Node a Google Cloud Platform Kubernetes Engine Clusters Workloads Services Applications Configuration Storage

commit => #GitHub => #CircleCI => #Docker => #Kubernetes #AWS cluster

Quickr Cluster Configuration

Managing Docker Containers In A Cluster - Introducing Kubernetes

WilyISEM Cluster Configuration

HPE Reference Configuration for Kubernetes, Portworx PX ... · This Reference Configuration describes a Kubernetes -as-container orchestration platform and Portworx as a cloud-native

Rancher Kubernetes Cluster using CSI Driver for Dell EMC ... · CSI driver to dynamically provision persistent volumes in a Rancher managed Kubernetes cluster. Readers are expected

Rancher 2.0 Technical Preview & Bluemix Kubernetes Cluster Import

Large-Scale Cluster Mangement & Kubernetes Under The Hood

Clusternaut: Orchestrating Percona XtraDB Cluster with Kubernetes

Management for Kubernetes Red Hat Advanced Cluster

Create Kubernetes cluster Login to portal and select ... · Create Kubernetes cluster Login to portal and select kubernetes service On the Basics page, configure the following options:

Configuration et gestion de vSphere with Kubernetes

TREVOR JOYNSONOther things automated were ceph cluster setup, Kubernetes deployment to Paperspace, WireGuard vpn services, SSH key management, etc. • Implemented 12 factor configuration

KUBERNETES CLUSTER IN THE FIRST COLO DATA CENTER …