Container Security by Liz Rice
Author: Liz Rice
Language: eng
Format: epub
Publisher: O'Reilly Media, Inc.
Published: 2020-06-24T16:00:00+00:00
Image deployment security
The main security concern at deployment time is ensuring that the correct image gets pulled and run, although there are additional checks you might want to make through what is called Admission Control.
Deploying the right image
As you saw in “Identifying images”, container image tags are not immutable: they can be moved to different versions of the same image. Referring to images by their digest, rather than by tag, can help ensure that the image is the version that you think it is. However, if your build system tags images with semantic versioning, and this is strictly adhered to, this may be sufficient and easier to manage since you don’t necessarily have to update the image reference for every minor update.
If you refer to images by tag, you should always pull the latest version before running in case there has been an update. Fortunately, this is relatively efficient since the image manifest is retrieved first, and image layers only have to be retrieved if they have changed.
In Kubernetes this is defined by the imagePullPolicy. An image policy to pull every time is unnecessary if you refer to images by digest, since any update would mean you have to change the digest.
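The following sketch is an added example, not code from the book: it audits the containers of a pod spec and reports which images are pinned by digest, which are referenced by tag but re-pulled on every start, and which are referenced by tag and could run from a stale cached copy. It also applies the Kubernetes defaulting for an omitted imagePullPolicy (Always for a missing or "latest" tag, IfNotPresent otherwise), which goes slightly beyond the text above. The pod spec, registry host, image names and digest are constructed placeholders.

```python
# Added example: audit constructed pod-spec dicts for tag vs digest references.

def parse_image(ref):
    """Split an image reference into (repository, tag, digest)."""
    repo, _, digest = ref.partition("@")
    # Only a colon after the last "/" separates a tag; an earlier one is a registry port.
    if ":" in repo.rsplit("/", 1)[-1]:
        repo, tag = repo.rsplit(":", 1)
    else:
        tag = None
    return repo, tag, digest or None

def effective_pull_policy(container):
    """Apply Kubernetes defaulting when imagePullPolicy is omitted."""
    explicit = container.get("imagePullPolicy")
    if explicit:
        return explicit
    _, tag, digest = parse_image(container["image"])
    if digest is None and tag in (None, "latest"):
        return "Always"
    return "IfNotPresent"

def classify(container):
    """Say whether a node could run different content than the reference implies."""
    _, _, digest = parse_image(container["image"])
    if digest:
        return "pinned-by-digest"   # content-addressed, pull policy is irrelevant
    if effective_pull_policy(container) == "Always":
        return "tag-repulled"       # registry consulted on every container start
    return "tag-may-be-stale"       # a cached image can outlive a moved tag

def audit(pod_spec):
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    return {c["name"]: classify(c) for c in containers}

# Constructed sample; the registry host, image names and digest are placeholders.
REG = "registry.example.com:5000/shop"
SAMPLE_POD_SPEC = {"containers": [
    {"name": "web", "image": f"{REG}/web:1.4.2"},
    {"name": "api", "image": f"{REG}/api:1.4.2", "imagePullPolicy": "Always"},
    {"name": "db", "image": f"{REG}/db@sha256:" + "a" * 64},
    {"name": "cache", "image": f"{REG}/cache"},
]}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_POD_SPEC).items():
        print(f"{name}: {status}")
```

Containers reported as tag-may-be-stale are the ones to fix, either by pinning the digest or by setting the pull policy to Always.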
Depending on your risk profile you may also want to check the provenance of the image by checking for an image signature managed by a tool like the aforementioned Notary.