January 2018
Beginner to intermediate
624 pages
19h 23m
English
Content preview from Kubernetes in ActionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Chapter 13. Securing cluster nodes and the network
This chapter covers
- Using the node’s default Linux namespaces in pods
- Running containers as different users
- Running privileged containers
- Adding or dropping a container’s kernel capabilities
- Defining security policies to limit what pods can do
- Securing the pod network
In the previous chapter, we talked about securing the API server. If an attacker gets access to the API server, they can run whatever they like by packaging their code into a container image and running it in a pod. But can they do any real damage? Aren’t containers isolated from other containers and from the node they’re running on?
Not necessarily. In this chapter, you’ll learn how to allow pods to access the resources of the ...