The Kubernetes ecosystem consists of a variety of components with a complex architecture and interrelationships. In this video, learn how to identify core and associated components of Kubernetes and articulate their functions.
- To implement security controls for protecting your container and Kubernetes ecosystem, you first need to identify the attack surface. And that requires an understanding of the end-to-end architecture. That also requires knowledge of the role each building block plays, from the first line of code all the way to the running containers in production. Here is a simplified view of a few key building blocks in this ecosystem. Of course, the real picture is a bit more complex than this. Taking the code from developers' hands to a deployed application in Kubernetes is made possible by careful coordination of these building blocks. These building blocks must work harmoniously with each other. To draw a crude analogy, imagine a conveyor belt system in a factory. The conveyor belt moves raw materials from one station to another. Each station transforms and adds incremental value to the material. After the work is done by the last station, you get a finished product ready to be shipped. Let's get back to the ecosystem diagram. Source Code Repositories, such as GitHub and GitLab, whether deployed in the cloud or in your own premise environment, store the Source Code written by your developers. An Artifact Repository serves as the source for third-party software components, libraries, and the build artifacts for your developers. It also makes those third-party software components available to your developers, with built-in governance and a security policy around it. The Build Infrastructure, along with its continuous integration pipeline, provides both the engine and the workflow to compile the Source Code and build container images. The images that have been scanned for security and can be trusted. These container images are stored in an Image Repository and accessed via a central registry.
A Container Orchestrator, such as Kubernetes, is set up and configured in advance by the admin. The Orchestrator locates an optimal compute node to run the Container Image. And finally, the Orchestrator then continues to monitor, run, and restart your application containers.