Container Security by Liz Rice
Author: Liz Rice
Language: eng
Format: epub
Publisher: O'Reilly Media, Inc.
Published: 2020-06-24T16:00:00+00:00
Image deployment security
The main security concern at deployment time is ensuring that the correct image gets pulled and run, although there are additional checks you might want to make through what is called Admission Control.
Deploying the right image
As you saw in “Identifying images”, container image tags are not immutable: they can be moved to different versions of the same image. Referring to images by their digest, rather than by tag, can help ensure that the image is the version that you think it is. However, if your build system tags images with semantic versioning, and this is strictly adhered to, this may be sufficient and easier to manage, since you don’t necessarily have to update the image reference for every minor update.
If you refer to images by tag, you should always pull the latest version before running in case there has been an update. Fortunately, this is relatively efficient since the image manifest is retrieved first, and image layers only have to be retrieved if they have changed.
In Kubernetes this is defined by the imagePullPolicy. An image policy to pull every time is unnecessary if you refer to images by digest, since any update would mean you have to change the digest.
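The tag, digest and pull-policy rules above can be checked mechanically. The following is an added example, not code from the book: it parses the image references in a pod spec and flags containers whose tag may resolve to a stale image. The registry name, image names and digest are constructed, and the defaulting of imagePullPolicy follows Kubernetes' documented behaviour.

```python
# Added example (not from the book): audit image references in a pod spec.
DIGEST = "sha256:" + "a" * 64  # constructed placeholder digest

SAMPLE_POD = {"containers": [  # constructed sample; registry and names are made up
    {"name": "api", "image": "registry.example:5000/shop/api@" + DIGEST},
    {"name": "web", "image": "registry.example:5000/shop/web:1.4.2"},
    {"name": "worker", "image": "registry.example:5000/shop/worker:1.4.2",
     "imagePullPolicy": "Always"},
    {"name": "cache", "image": "redis"},
]}


def parse_image(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    # Only a ':' in the last path component separates a tag; a ':' earlier
    # belongs to a registry port (registry.example:5000/...).
    tag = None
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    return name, tag, digest or None


def effective_pull_policy(container):
    """Explicit imagePullPolicy, else the default Kubernetes applies."""
    if container.get("imagePullPolicy"):
        return container["imagePullPolicy"]
    _, tag, digest = parse_image(container["image"])
    # Kubernetes defaults to Always only for ':latest' or an omitted tag.
    if digest is None and tag in (None, "latest"):
        return "Always"
    return "IfNotPresent"


def audit(pod_spec):
    """Map container name -> finding, following the rules in the text."""
    findings = {}
    for c in pod_spec.get("initContainers", []) + pod_spec["containers"]:
        _, tag, digest = parse_image(c["image"])
        policy = effective_pull_policy(c)
        if digest:
            findings[c["name"]] = "ok: pinned by digest"
        elif policy == "Always":
            findings[c["name"]] = f"ok: tag '{tag or 'latest'}' re-checked on every start"
        else:
            findings[c["name"]] = f"warn: tag '{tag}' with {policy} may run a stale image"
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_POD).items():
        print(f"{name}: {finding}")
```

The "web" container is the case the text warns about: a versioned tag with no explicit pull policy defaults to IfNotPresent, so a node that already holds the image will not notice if the tag has been moved.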
Depending on your risk profile you may also want to check the provenance of the image by checking for an image signature managed by a tool like the aforementioned Notary.
