February 2021
Beginner to intermediate
252 pages
5h 36m
Korean
Content preview from 컨테이너 보안: 컨테이너화된 응용 프로그램의 보안을 위한 개념, 이론, 대응법과 모범 관행까지
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
제
9
장
컨테이너 격리 깨기
176
9.7
요약
이번 장에서는 컨테이너가 흔히 제공하는 수준의 격리가 잘못된 설정과 관행으로 침해되는 여
러 방법을 살펴보았다.
모든 설정 옵션에는 나름의 용도와 근거가 있다. 예를 들어 응용 프로그램에 따라서는 호스
트의 디렉터리를 컨테이너 안에 마운팅하는 것이 꼭 필요하거나 대단히 유용한 기능일 수 있으
며, 컨테이너를 루트로 실행하거나 심지어
--
privileged
플래그를 지정해서 추가적인 능력
들을 부여하는 것 역시 꼭 필요한 일일 수 있다. 그렇지만 보안을 위해서는 그런 잠재적으로 위
험한 설정들을 최소한으로만 사용하는 것이, 그리고 그런 설정들이 적용되는 경우를 탐지하고
보고하는 도구들을 채용하는 것이 바람직하다.
다중 입주 환경을 사용하는 경우에는 이런 잠재적으로 위험한 설정을 가진 컨테이너를 더욱
세심하게 점검해야 한다.
--
privileged
플래그로 실행된 컨테이너는 같은 호스트의 다른 모
든 컨테이너에 얼마든지 접근할 수 있다. 이 점은 같은 쿠버네티스 이름공간에서 실행되는지의
여부 같은 상대적으로 피상적인 보안 통제와는 무관하다.
§
9
.
6
사이드카 컨테이너 (
p
.175
)에서 네트워킹 기능성의 일부를 담당하는 서비스 메시를
언급했으니만큼, 제
10
장에서 컨테이너의 네트워킹을 본격적으로 살펴보기로 하자.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.