February 2021
Beginner to intermediate
252 pages
5h 36m
Korean
Content preview from 컨테이너 보안: 컨테이너화된 응용 프로그램의 보안을 위한 개념, 이론, 대응법과 모범 관행까지
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
제
1
장
컨테이너 보안 위협
32
1.4.3
컨테이너 다중 입주
제
4
장에서 보겠지만 컨테이너들 사이의 격리는
VM
들 사이의 격리보다는 약하다. 위협 프로파
일에 따라 다르겠지만, 일반적으로 여러분의 컨테이너를 여러분이 신뢰하지 않는 사용자나 집
단의 컨테이너와 같은 컴퓨터에서 실행하는 것은 바람직하지 않다.
그리고 같은 컴퓨터에서 실행되는 모든 컨테이너가 여러분의 것 또는 여러분이 믿는 사람의
것이라고 해도, 누군가의 실수(사람은 항상 실수를 저지른다)가 야기하는 위험을 완화하기 위
해서는 컨테이너들이 서로 간섭하지 않게 만드는 데 신경을 써야 한다.
쿠버네티스에서는
이름공간
(
namespace
)을 이용해서 한 클러스터의 컴퓨터들을 서로 다른
개인, 팀, 응용 프로그램에 분할할 수 있다.
참고:
‘이름공간’은 문맥에 따라 여러 가지 뜻으로 쓰인다. 쿠버네티스에서 이름공간은 쿠버네티스 접근 제
어 설정이 서로 다른 클러스터 자원들을 분할하는 데 쓰이는 고수준 추상이다. 리눅스에서 이름공간은 프
로세스가 인식하는 컴퓨터 자원들을 격리하기 위한 저수준 메커니즘이다. 리눅스의 이름공간에 관해서는
제
4
장에서 좀 더 자세히 살펴본다.
사용자 역할 기반 접근 제어(
role
-
based
access
control
,
RBAC
)는 서로 다른 쿠버네티
스 이름공간들에 대한 사용자와 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.