Rootless containers from scratch
Containers have taken off as a foundational technology for cloud native application development and deployment, through tools like Docker and Kubernetes. But there is an often-overlooked security issue, whereby users generally need root privileges to run containers, and by default, containers run as root on the host. Recently there have been significant advances to enable “rootless containers” that can be run without requiring root privileges. This talk will use live-coding in Go to illustrate how rootless containers are created, exploring why root was originally required and what has changed to enable rootless operation.Lernziele
Attendees should leave this talk understanding that
* from the host’s perspective, containers are really just processes
* containers today are very likely to be running as root
* rootless containers will be a significant security improvement
Speaker
Liz Rice is VP Open Source Engineering with cloud native security specialists Aqua Security and chair of the CNCF's Technical Oversight Committee. She co-chaired the KubeCon / CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle, and co-authored a book on Kubernetes Security for O'Reilly, with Michael Hausenblas.
CLC-Newsletter
Du möchtest über die Continuous Lifecycle
auf dem Laufenden gehalten werden?