From the course: Securing Containers and Kubernetes Ecosystem


Container port and interface security


- [Instructor] Let's get back to standalone containers. Even with the bridge network, containers are not directly routable from applications outside the cluster. So how do containers communicate with the outside world? You will need to map a TCP or a UDP port on the host network interface to a target container port. When executing the docker run command, you specify this mapping with the -p or --publish option. For example, this command will forward traffic on port 8088 of the host to port 8080 of the container. In contrast to Kubernetes, Docker does not come with network security policies. So you will need to put best practices and security controls in place to ensure that the communication among containers takes place only between the authorized parties. So let's review some of these controls. The port mapping command that you just saw has a security issue. With this command the container ports are exposed to any IP address which…
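
The exposure described in the transcript can be audited on a running host. The following is an added example, not part of the course material: it scans the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports every port published on all host interfaces. The container names and sample output are constructed; the 8088-to-8080 mapping is the one from the transcript.

```python
import re

# One published mapping in the Ports column of `docker ps`, for example
# "0.0.0.0:8088->8080/tcp" or "[::]:8088->8080/tcp" (older engines print ":::8088").
MAPPING = re.compile(
    r"^(?P<host>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)
# Host addresses that mean "every interface on the host".
WILDCARD_HOSTS = {"0.0.0.0", "::", "[::]"}

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE = (
    "web\t0.0.0.0:8088->8080/tcp, :::8088->8080/tcp\n"  # published with -p 8088:8080
    "admin\t127.0.0.1:9090->9090/tcp\n"                 # bound to loopback only
    "cache\t6379/tcp\n"                                 # exposed, not published
)


def wildcard_bindings(ps_output):
    """Return (container, host_port, container_port, proto) for each port
    that is published on all host interfaces."""
    findings = []
    for line in ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            m = MAPPING.match(entry)
            if m is None:
                continue  # empty column or an unpublished port such as "6379/tcp"
            if m["host"] not in WILDCARD_HOSTS:
                continue  # bound to a specific host address
            finding = (name, m["hport"], m["cport"], m["proto"])
            if finding not in findings:  # IPv4 and IPv6 entries describe one mapping
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for name, hport, cport, proto in wildcard_bindings(SAMPLE):
        print(f"{name}: host port {hport}/{proto} -> container port {cport} "
              "is reachable on every host interface")
```

A mapping that names a host address, such as `-p 127.0.0.1:8088:8080`, appears in `docker ps` with that address in place of `0.0.0.0` and is not reported.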
