From the course: Securing Containers and Kubernetes Ecosystem

Host OS protection

- [Instructor] Unlike hardware virtualization, in OS virtualization, multiple containers share the same OS. That leads to an expectation of mutual trust between the container and the host OS running that container. So far we have been discussing container and application security. But the host is equally accountable in the security of this ecosystem. In fact, the impact of a host being breached is way more amplified than that of a container breach. So let's walk through security controls to protect the host. Start with minimizing the host's attack surface. A typical Linux operating system has way more services running than you need to support container applications. Here you have two options to choose from. First, run a minimal OS that has been custom built for running containers, for example, VMware Photon or Red Hat CoreOS. These so-called thin OSs have been stripped of many components and services not…
