Containers are game changers for software development, application deployment operations, and security. In this video, learn how to articulate containers, its benefits and relevance, and how they are different from virtual machines.
- [Instructor] A container is a software that packages not only your application code, but also its dependencies such as libraries, configuration settings, and the file system. Containers are portable, meaning they can run on different kinds of operating systems and infrastructure, seamlessly. They isolate a running application from the environment outside the application, as well as from the other containers. Now it's important to realize the difference between a container and a container image. A container image is a special file, that becomes a container when it is run as a process of an operating system. So before we jump into the technology behind the containers, let's take a look at the reasons why you use them. First, the economics, containers are more bang for your buck. Look, if you're running only one operating system, all running containers utilize the same OS and that makes containers lightweight compared to a virtual machine. So when a given hardware setup, you can squeeze a larger number of business applications, since all the dependencies required for an application are packaged along with your code. You don't run into the issue of it works in my laptop, but not in production. Containers are portable across platforms. It is easier to build and share container images in comparison to virtual machine images, given that images are built in layers, they offer observability all the way from the OS to the application layer. When implemented with the right set of security controls, containers limit the spillover should a containerized application be breached, but the security of containers depend upon correctly using the features and isolation capabilities of an operating system. Containers take advantage of an operating system paradigm, known as OS Virtualization. OS Virtualization is made possible, by the capabilities of the kernel of the OS. These capabilities make a running application pink as if it has got a full copy of the OS only to itself. But in reality, multiple applications are sharing the same operating system. This kind of virtualization plays a significant role in the security of containers and the applications running inside them. That's why, it's worth while to review and compare it with other virtualization techniques.
- Defining containers
- What is Kubernetes?
- Attack surface and vectors
- Five security factors
- Securing containerized app code
- Securing images
- Securing hosts and the container working environment
- Securing apps in Kubernetes
- Securing Kubernetes clusters