15

Implementing Strict Confinement for Isolated Containers

In the previous chapter, we looked at how to build secure containers using Kata Containers and how to improve workload isolation with hardware virtualization technology. We also discussed the best practices for securing your production-grade cluster with containers. The MicroK8s add-on option has also made it easier to activate Kata Containers, which can significantly increase the security and isolation of your container operations.

In this chapter, we will take a look at another approach to isolation using snap confinement options to run containers in complete isolation, meaning no access to files, networks, processes, or any other system resource without requesting specific access ...
