@rob_rich

Securing Docker Containers

Kubernetes just does that, right?

by Rob Richardson

https://robrich.org/

About Me

Rob Richardson is a software craftsman building web properties in ASP.NET and Node, Angular and Vue. He's a frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high-quality software development. You can find this and other talks on his blog at https://robrich.org/presentations and follow him on Twitter at @rob_rich.

Doesn't Kubernetes just do this for me?

What is Docker?

Docker is an ecosystem around Container Virtualization

What are Containers?

Light-weight kernel virtualization

What is Docker?

A suite of command-line tools for creating, running, and sharing containers

Containers vs VMs

vm vs container

Source: http://www.zdnet.com/article/what-is-docker-and-why-is-it-so-darn-popular/

docker ecosystem

Download: https://robrich.org/slides/welcome-to-docker/docker-ecosystem.pdf

What is Kubernetes?

Kubernetes

Source: https://vitalflux.com/quick-glance-at-kubernetes-architectural-building-blocks/

Securing a Docker Linux machine is no different than securing any other Linux machine

- Me ... right now

How to secure a Linux machine

How to secure a Linux container

Securing Docker Containers

Fully patch all software

Encrypt communications

Use Istio side-car proxy

Istio architecture source: medium.com/google-cloud/simplifying-microservices-with-istio-in-google-kubernetes-engine-part-i-849555f922b8

Store secrets safely

Securing a Docker Linux machine is no different than securing any other Linux machine

Do it