Securing
Docker Containers
Kubernetes just
does that, right?
by Rob Richardson
About Me
Rob Richardson is a software craftsman building web properties in ASP.NET and Node, React and Vue. He's a frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high quality software development. You can find this and other talks on https://robrich.org/presentations and follow him on twitter at @rob_rich.
Doesn't Kubernetes
just do this for me?
What is Docker?
Docker is an ecosystem around Container Virtualization
What are Containers?
Light-weight kernel virtualization
What is Docker?
A suite of command-line tools for
creating, running, and sharing containers
Containers vs VMs
Source: http://www.zdnet.com/article/what-is-docker-and-why-is-it-so-darn-popular/
Download: https://robrich.org/slides/welcome-to-docker/docker-ecosystem.pdf
What is Kubernetes?
source: https://vitalflux.com/quick-glance-at-kubernetes-architectural-building-blocks/
Securing a Docker Linux machine is no different than securing any other Linux machine
- Me ... right now
How to secure a Linux machine
How to secure a Linux container
Securing Docker Containers
Fully patch all software
Encrypt communications
Use Istio side-car proxy
source: medium.com/google-cloud/simplifying-microservices-with-istio-in-google-kubernetes-engine-part-i-849555f922b8
Store secrets safely
Securing a Docker Linux machine is no different than securing any other Linux machine
Do it