Capabilities and Seccomp Profiles on Kubernetes

In a previous post we talked about Linux Capabilities and Secure Compute Profiles; in this post we are going to see how we can leverage them on Kubernetes. We will need a Kubernetes cluster; I'm going to use kcli to get one. The command below will deploy a Kubernetes cluster on VMs: NOTE: You can create a parameters file with the cluster configuration as well....

Published on April 1, 2021 · Last updated on April 1, 2021 · 9 min · Mario

Container Security - Linux Capabilities and Secure Compute Profiles

In this post we are going to see two security mechanisms used in Linux containers to provide a security layer for our workloads. We will see how Linux Capabilities and Secure Compute Profiles can be used to limit the attack surface of our containers. The first part of the blog post is an introduction to Linux Capabilities and Secure Compute Profiles; the second part shows how these technologies work through demos....

Published on March 27, 2021 · Last updated on March 27, 2021 · 15 min · Mario

Containers under the Hood

Containers are Linux: you have probably already heard this expression. In today's post we are going to demystify container technologies by decomposing them part by part and describing which Linux technologies make containers possible. We can describe a container as an isolated process running on a host. To isolate the process, container runtimes leverage Linux kernel technologies such as namespaces, chroots, cgroups, etc., plus security layers like SELinux....

Published on March 25, 2021 · Last updated on March 25, 2021 · 12 min · Mario

Integrating our Operators with OLM

Introduction: This post is a continuation of our previous blog post, Writing Operators using the Operator Framework SDK. We will continue working on the operator created in the previous post; if you want to follow along, you will need to run the steps from that post. Operator Lifecycle Manager: The Operator Lifecycle Manager is an open source toolkit to manage Operators in an effective, automated and scalable way....

Published on September 16, 2020 · Last updated on February 13, 2023 · 6 min · Mario

Using OpenShift OAuth Proxy to secure your Applications on OpenShift

What is OAuth Proxy: A reverse proxy and static file server that provides authentication and authorization to an OpenShift OAuth server or Kubernetes master supporting the 1.6+ remote authorization endpoints to validate access to content. It is intended for use within OpenShift clusters to make it easy to run both end-user and infrastructure services that do not provide their own authentication. [Source] Securing an Application with OAuth Proxy: In this blog post we are going to deploy OAuth Proxy in front of a simple application....

Published on July 30, 2019 · Last updated on May 30, 2023 · 7 min · Mario