From the course: Securing Containers and Kubernetes Ecosystem

Image registry access control

- [Narrator] Even if the connection to the registry is encrypted, that will not prevent a malicious user with extraordinary privileges from accessing the images in the registry. So allow only authenticated users and service accounts to access your registry, but that's not sufficient either. Not all authenticated subjects are equal; not every authenticated subject needs to perform the same set of actions on those images. Think about this: the publisher process, executed as part of your CI/CD pipeline, that uploads the image to your image registry. Does it really need both read and update permissions? So long as it has the write permissions, that should be sufficient. So apply the principle of least privilege and give only the permissions needed to do the job. Similarly, when the Kubernetes orchestrator needs to pull images from an image registry, it doesn't need write access; read-only access will be sufficient.…
