Basics of container security
Container security is a deep subject area that could fill a book of its own. Even so, we will cover some of the high-level concerns and give you a starting point for thinking about this area.
In the A brief overview of containers section of Chapter 1, Introduction to Kubernetes, we looked at some of the core isolation features in the Linux kernel that enable container technology. Understanding the details of how containers work is the key to grasping the various security concerns in managing them.
A good paper for diving deeper is NCC's whitepaper, Understanding and Hardening Linux Containers. In section 7, the paper explores the various attack vectors of concern for container deployments, which I will summarize.
Keeping containers contained
The most obvious concern discussed in the paper mentioned in the preceding section is escaping the isolation/virtualization of the container construct. Modern container...
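The isolation features mentioned above (and the escapes this section goes on to discuss) are only as strong as the privileges a container actually runs with. A quick way to check is to read the kernel's own view of a process in /proc/<pid>/status. The following is an added example written for this section, not code from the book or from the NCC paper; it assumes the standard Linux capability numbering from capability.h and the CapEff/CapBnd/Seccomp/NoNewPrivs fields that /proc/<pid>/status exposes. The two status snippets are constructed samples: one resembles a container started with the common default capability mask (a80425fb), the other a container given the full root capability set with no seccomp filter.

```python
"""Audit the isolation primitives a process (for example a container's PID 1)
is actually running with, by decoding /proc/<pid>/status.

Added example for this section (not the book's code). Assumes the standard
Linux capability bit numbering and the status fields named below.
"""
import json
import sys

# Capability bit -> name, in kernel numbering order (bit 0 = cap_chown ...).
CAP_NAMES = [
    "cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner",
    "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap",
    "cap_linux_immutable", "cap_net_bind_service", "cap_net_broadcast",
    "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner",
    "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot", "cap_sys_ptrace",
    "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice",
    "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod",
    "cap_lease", "cap_audit_write", "cap_audit_control", "cap_setfcap",
    "cap_mac_override", "cap_mac_admin", "cap_syslog", "cap_wake_alarm",
    "cap_block_suspend", "cap_audit_read", "cap_perfmon", "cap_bpf",
    "cap_checkpoint_restore",
]

# Capabilities that, inside a container, undo most of what namespaces and
# cgroups provide (mounting, module loading, ptrace, raw device and BPF
# access). An audit should flag any of these in the effective set.
HIGH_RISK = {
    "cap_sys_admin", "cap_sys_module", "cap_sys_ptrace", "cap_sys_rawio",
    "cap_dac_read_search", "cap_net_admin", "cap_bpf",
}

SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}


def decode_caps(hex_mask: str) -> list:
    """Turn a hex capability mask (as printed in /proc) into capability names."""
    mask = int(hex_mask, 16)
    return [name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1]


def audit_status(status_text: str) -> dict:
    """Parse the text of /proc/<pid>/status and report isolation findings."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()

    effective = decode_caps(fields.get("CapEff", "0"))
    bounding = decode_caps(fields.get("CapBnd", "0"))
    seccomp = SECCOMP_MODES.get(int(fields.get("Seccomp", "0")), "unknown")
    no_new_privs = fields.get("NoNewPrivs", "0") == "1"
    risky = sorted(c for c in effective if c in HIGH_RISK)

    findings = []
    if risky:
        findings.append("high-risk capabilities in effective set: " + ", ".join(risky))
    if seccomp == "disabled":
        findings.append("seccomp disabled: the full syscall surface is reachable")
    if not no_new_privs:
        findings.append("NoNewPrivs unset: setuid/fscap binaries can regain privileges")
    if len(bounding) == len(CAP_NAMES):
        findings.append("bounding set unrestricted: dropped capabilities can be re-acquired")

    return {
        "effective_caps": effective,
        "risky_caps": risky,
        "seccomp": seccomp,
        "no_new_privs": no_new_privs,
        "findings": findings,
    }


# Constructed sample: looks like a container with the common default mask.
SAMPLE_DEFAULT = (
    "Name:\tnginx\nPid:\t1\nNoNewPrivs:\t1\nSeccomp:\t2\n"
    "CapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
)

# Constructed sample: full root capability set, no seccomp, no NoNewPrivs.
SAMPLE_PRIVILEGED = (
    "Name:\tsh\nPid:\t1\nNoNewPrivs:\t0\nSeccomp:\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n"
    "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"
)

if __name__ == "__main__":
    # Audit a live process when given a PID (Linux only); otherwise the samples.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/status") as f:
            print(json.dumps(audit_status(f.read()), indent=2))
    else:
        for label, text in (("default", SAMPLE_DEFAULT), ("privileged", SAMPLE_PRIVILEGED)):
            print(label, json.dumps(audit_status(text)["findings"], indent=2))
```

Run it with a PID inside a container (for example `python3 audit.py 1` from a shell in the container) and the findings list tells you immediately whether the workload is relying on kernel isolation alone or has been handed capabilities that make an escape far easier. Empty findings for the default sample and four for the privileged one is the expected output.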