Security is a basic requirement of modern applications, and developers are increasingly using containers in their development work. In this presentation, we explore the basic components of secure design (preparation, detection, and containment), how containers facilitate that work today (verification), and how container orchestration ought to support models of the future, especially ones that are hard to roll manually (PKI).
5. Preparation: Reducing Exposure
Traditional Model (Extra Work to Configure Firewalls): Server or Virtual Machine with Port 23 (Telnet), Port 22 (SSH), Port 80 (HTTP), Port 443 (HTTPS)
Containers Model (Explicit Services Made Public): Container Hosts running Containers, with Port 80 (HTTP) and Port 443 (HTTPS) at KubeIngress
6. Preparation: Patching with Rolling Updates
[Diagram, two panels. First: Container Hosts, Container (Old), KubeIngress, HTTPS. Second: Container Hosts, Container (New), Container (Old), KubeIngress, HTTPS.]