supply-chain-security.pdf: Kubernetes supply chain

akdenizerdem, 51 slides, Jun 09, 2024


Copyright © 2021 KodeKloud www.kodekloud.com
www.kodekloud.com
cks.kodekloud.com

Disclaimer
THE INFORMATION FOUND ON THE WEBSITE, E-LEARNING PLATFORM AND WITHIN THE ONLINE COURSES ARE FOR INFORMATIONAL PURPOSES ONLY. KODEKLOUD WILL NOT BE HELD RESPONSIBLE FOR ANY DAMAGES THAT MAY BE INCURRED BY YOU AS A RESULT OF YOUR USE OF SUCH INFORMATION. ALL INFORMATION AND CONTENT ON THE WEBSITE, E-LEARNING PLATFORM AND ONLINE COURSE IS COPYRIGHTED, AND MAY NOT BE REPUBLISHED, COPIED, SOLD OR POSTED ANYWHERE ONLINE OR IN PRINT. KODEKLOUD RESERVES THE RIGHT TO TAKE THE NECESSARY LEGAL ACTION TO PREVENT YOU FROM (RE)-PUBLISHING, COPYING, SELLING, POSTING OR PRINTING ANY COPYRIGHTED INFORMATION AND CONTENT AVAILABLE ON THE WEBSITE, E-LEARNING PLATFORM AND ONLINE COURSE.
For the full terms & conditions visit terms.kodekloud.com
For questions write to [email protected]

Notice
• This presentation is to refer to course contents only.
• Some of the slides are meant to be animated, so they may not be displayed correctly.
• Do not copy and paste commands, code or YAML files from this file, as they may not be in the right format and may contain hidden characters.
• For code, refer to the solutions in the lab, the Git repository associated with this course, or the official Kubernetes documentation pages.
• Some of the code in this deck may be hidden for brevity.
https://github.com/kodekloudhub/certified-kubernetes-security-specialist-cks-course

Minimize Base Image Footprint

Base vs Parent Image

Dockerfile - My Custom Webapp
FROM httpd
COPY index.html htdocs/index.html

Dockerfile - httpd (Parent)
FROM debian:buster-slim
ENV HTTPD_PREFIX /usr/local/apache2
ENV PATH $HTTPD_PREFIX/bin:$PATH
WORKDIR $HTTPD_PREFIX
<content trimmed>

Dockerfile - debian:buster-slim (Base)
FROM scratch
ADD rootfs.tar.xz /
CMD ["bash"]

Image chain: scratch (Base) -> debian:buster-slim -> httpd (Parent) -> My Custom WebApp

Modular

Persist State

Choosing a base image

Dockerfile - My Custom Webapp
FROM ??????
COPY index.html htdocs/index.html

Authenticity

Up-to-date

Slim/Minimal Images
1. Create slim/minimal images
2. Find an official minimal image that exists
3. Only install necessary packages
   • Remove shells/package managers/tools
4. Maintain different images for different environments:
   • Development - debug tools
   • Production - lean
5. Use multi-stage builds to create lean, production-ready images.

Distroless Docker Images
https://github.com/GoogleContainerTools/distroless
Contains:
• Application
• Runtime dependencies
Does not contain:
• Package managers
• Shells
• Network tools
• Tex
• Other unwanted programs

Vulnerability Scanning

trivy image httpd
httpd (debian 10.8)
===================
Total: 124 (UNKNOWN: 0, LOW: 88, MEDIUM: 9, HIGH: 25, CRITICAL: 2)

trivy image httpd:alpine
httpd:alpine (alpine 3.12.4)
============================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Hands-on Labs
cks.kodekloud.com

Whitelist Allowed Registries

apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
spec:
  containers:
  - name: sample-app
    image: some-registry.io/a-very-vulnerable-image

Admission Controllers

kubectl -> Authentication -> Authorization -> Admission Controllers -> Create Pod

Admission controllers include:
AlwaysPullImages
DefaultStorageClass
EventRateLimit
ImagePolicyWebhook
MutatingAdmissionWebhook
ValidatingAdmissionWebhook

ImagePolicyWebhook, MutatingAdmissionWebhook and ValidatingAdmissionWebhook hand the request to an Admission Webhook Server, which returns the decision.

kubernetes.rego (policy evaluated by the admission webhook server: deny any Pod whose image is not from the trusted registry)
package kubernetes.admission

deny[msg] {
  input.request.kind.kind == "Pod"
  image := input.request.object.spec.containers[_].image
  not startswith(image, "internal-registry.io/")
  msg := sprintf("image %v is not from trusted registry", [image])
}

Admission Configuration

/etc/kubernetes/admission-config.yaml
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: ImagePolicyWebhook
  configuration:
    imagePolicy:
      kubeConfigFile: <path-to-kubeconfig-file>
      allowTTL: 50
      denyTTL: 50
      retryBackoff: 500
      defaultAllow: true

<path-to-kubeconfig-file> (kubeconfig the API server uses to reach the Admission Webhook Server)
clusters:
- name: name-of-remote-imagepolicy-service
  cluster:
    certificate-authority: /path/to/ca.pem
    server: https://images.example.com/policy
users:
- name: name-of-api-server
  user:
    client-certificate: /path/to/cert.pem
    client-key: /path/to/key.pem

Enable Admission Controllers

kube-apiserver.service
ExecStart=/usr/local/bin/kube-apiserver \
  --advertise-address=${INTERNAL_IP} \
  --allow-privileged=true \
  --apiserver-count=3 \
  --authorization-mode=Node,RBAC \
  --bind-address=0.0.0.0 \
  --enable-swagger-ui=true \
  --etcd-servers=https://127.0.0.1:2379 \
  --event-ttl=1h \
  --runtime-config=api/all \
  --service-cluster-ip-range=10.32.0.0/24 \
  --service-node-port-range=30000-32767 \
  --enable-admission-plugins=ImagePolicyWebhook \
  --admission-control-config-file=/etc/kubernetes/admission-config.yaml \
  --v=2

/etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --advertise-address=172.17.0.107
    - --allow-privileged=true
    - --enable-bootstrap-token-auth=true
    - --enable-admission-plugins=ImagePolicyWebhook
    - --admission-control-config-file=/etc/kubernetes/admission-config.yaml
    image: k8s.gcr.io/kube-apiserver-amd64:v1.11.3
    name: kube-apiserver
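The registry allowlist that the kubernetes.rego policy expresses, implemented as the Admission Webhook Server backend that the ImagePolicyWebhook kubeconfig points at; this is an added Python example, not code from the deck or from KodeKloud's labs. It assumes internal-registry.io as the only allowed registry and parses the registry host out of the image reference instead of matching a string prefix, so a reference like internal-registry.io.evil.com/app is still rejected.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Registries a pod image may come from (assumed value; the deck's rego policy uses internal-registry.io).
ALLOWED_REGISTRIES = {"internal-registry.io"}

def registry_of(image: str) -> str:
    """Return the registry host of an image reference. 'nginx:1.18.0' or 'library/nginx' have no
    registry part and resolve to docker.io; a first path component containing '.' or ':' (or
    equal to 'localhost') is a registry host."""
    first, sep, _rest = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def review(image_review: dict) -> dict:
    """Decide an ImageReview posted by the API server's ImagePolicyWebhook plugin.
    Every container image must come from an allowed registry; the reply carries
    status.allowed and, on rejection, status.reason (shown to the kubectl user)."""
    containers = image_review.get("spec", {}).get("containers", [])
    rejected = [c["image"] for c in containers if registry_of(c["image"]) not in ALLOWED_REGISTRIES]
    status = {"allowed": not rejected}
    if rejected:
        status["reason"] = "image not from trusted registry: " + ", ".join(rejected)
    return {"apiVersion": "imagepolicy.k8s.io/v1alpha1", "kind": "ImageReview", "status": status}

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        out = json.dumps(review(json.loads(body))).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)

def serve(port: int = 8443) -> None:
    # Plain HTTP for brevity; the API server connects over TLS to the "server:" URL in the
    # kubeconfig, so terminate TLS in front of this handler in a real deployment. Note that
    # defaultAllow: true in the AdmissionConfiguration admits pods whenever this backend is
    # unreachable; set it to false to fail closed.
    HTTPServer(("127.0.0.1", port), Handler).serve_forever()

# Constructed request, shaped like the ImageReview the API server sends for the deck's sample pod.
SAMPLE_REVIEW = {
    "apiVersion": "imagepolicy.k8s.io/v1alpha1", "kind": "ImageReview",
    "spec": {"containers": [{"image": "some-registry.io/a-very-vulnerable-image"}], "namespace": "default"},
}
```

With the static-pod manifest above, the admission config file and the kubeconfig it names must also be mounted into the kube-apiserver container, or the plugin cannot read them.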

References
https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#imagepolicywebhook

Hands-on Labs
cks.kodekloud.com

Use Static Analysis of User Workloads

Static Analysis of User Workloads

kubectl -> Authentication -> Authorization -> Admission Controllers -> Create Pod

Static analysis checks the manifest before it is ever submitted:
Create File -> Analyze files -> kubectl -> Authentication -> Authorization -> ...

pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
spec:
  securityContext:
    runAsUser: 0
  containers:
  - name: ubuntu
    image: ubuntu
    command: ["sleep", "3600"]
    securityContext:
      privileged: true
      capabilities:
        add: ["CAP_SYS_BOOT"]
  volumes:
  - name: data-volume
    hostPath:
      path: /data
      type: Directory

kubesec
https://kubesec.io/

kubesec scan pod.yaml
curl -sSX POST --data-binary @"pod.yaml" https://v2.kubesec.io/scan
kubesec http 8080 &
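A kubesec-style static check of the pod.yaml above, written here as an added Python example: it is not kubesec's code, and the point weights and selector strings are constructed for illustration. It takes the manifest as a dict (parse the YAML with any YAML library first) and uses only the standard library.

```python
# Constructed Pod in dict form, carrying the same risky settings as the deck's pod.yaml
# (root user, privileged container, an added capability and a hostPath mount).
SAMPLE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "sample-pod"},
    "spec": {
        "securityContext": {"runAsUser": 0},
        "containers": [{
            "name": "ubuntu", "image": "ubuntu", "command": ["sleep", "3600"],
            "securityContext": {"privileged": True, "capabilities": {"add": ["CAP_SYS_BOOT"]}},
        }],
        "volumes": [{"name": "data-volume", "hostPath": {"path": "/data", "type": "Directory"}}],
    },
}

def analyse(pod: dict) -> list:
    """Return (points, selector, reason) findings for a Pod manifest, kubesec-style.
    Negative points flag dangerous settings, positive points reward hardening that is present.
    The weights are illustrative and are not kubesec's own scores."""
    spec = pod.get("spec", {})
    pod_ctx = spec.get("securityContext", {})
    findings = []
    if any(spec.get(k) for k in ("hostPID", "hostNetwork", "hostIPC")):
        findings.append((-30, ".spec.hostPID|hostNetwork|hostIPC", "shares a host namespace"))
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append((-20, ".spec.volumes[].hostPath", "mounts host path " + str(vol["hostPath"].get("path"))))
    for c in spec.get("containers", []):
        ctx = c.get("securityContext", {})
        sel = ".spec.containers[%s].securityContext" % c.get("name")
        caps = ctx.get("capabilities", {})
        if ctx.get("privileged"):
            findings.append((-30, sel + ".privileged", "privileged container"))
        for cap in caps.get("add", []):
            findings.append((-10, sel + ".capabilities.add", "adds " + cap))
        # Container-level settings override the pod-level securityContext.
        uid = ctx.get("runAsUser", pod_ctx.get("runAsUser"))
        non_root = ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot"))
        if uid == 0 or (uid is None and not non_root):
            findings.append((-10, sel + ".runAsUser", "runs as root (uid 0 or unspecified)"))
        if ctx.get("readOnlyRootFilesystem"):
            findings.append((1, sel + ".readOnlyRootFilesystem", "read-only root filesystem"))
        if "ALL" in caps.get("drop", []):
            findings.append((1, sel + ".capabilities.drop", "drops all capabilities"))
    return findings

def score(pod: dict) -> int:
    """Sum of all finding points; a negative total should not pass a manifest review."""
    return sum(points for points, _, _ in analyse(pod))
```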

Hands-on Labs
cks.kodekloud.com

Scan Images for Known Vulnerabilities

Common Vulnerabilities and Exposures (CVE)
https://cve.mitre.org/
Example exposure: View Payroll of All Employees

CVE Severity Scores
Scale: 0 1 2 3 4 5 6 7 8 9 10

CVE Scanner

Trivy
https://aquasecurity.github.io/trivy/latest/installation/

trivy image nginx:1.18.0

trivy image --severity CRITICAL nginx:1.18.0
trivy image --severity CRITICAL,HIGH nginx:1.18.0
trivy image --ignore-unfixed nginx:1.18.0
docker save nginx:1.18.0 > nginx.tar
trivy image --input nginx.tar

nginx:1.18.0 vs nginx:1.18.0-alpine

Best Practices
• Continuously rescan images
• Kubernetes Admission Controllers to scan images
• Have your own repository with pre-scanned images ready to go
• Integrate scanning into your CI/CD pipeline
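The --severity and --ignore-unfixed filters from the Trivy commands above, applied as the CI/CD gate the best practices call for; this is an added Python example, not Trivy's code or the deck's. It assumes the JSON shape of `trivy image --format json` output (Results[].Vulnerabilities[] with VulnerabilityID, PkgName, Severity and FixedVersion fields), and the report below is constructed with placeholder CVE ids.

```python
import json

# Constructed report in the assumed shape of `trivy image --format json` output.
# The CVE ids are placeholders, not real identifiers.
SAMPLE_REPORT = json.loads("""{
  "Results": [{"Target": "nginx:1.18.0 (debian 10.8)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "libfoo", "Severity": "CRITICAL", "FixedVersion": "1.2.3"},
    {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "libbar", "Severity": "HIGH", "FixedVersion": ""},
    {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "libbaz", "Severity": "LOW", "FixedVersion": "2.0"}
  ]}]}""")

SEVERITIES = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

def findings(report: dict, severities=None, ignore_unfixed: bool = False) -> list:
    """Flatten a report into the vulnerabilities that pass the filters, mirroring
    --severity (keep only the listed levels) and --ignore-unfixed (drop entries with no fix)."""
    out = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:   # Trivy emits null when a target is clean
            if severities and vuln.get("Severity") not in severities:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            out.append(vuln)
    return out

def summary_line(report: dict) -> str:
    """Render the per-severity totals in the style of the deck's trivy output."""
    vulns = findings(report)
    counts = {s: sum(1 for v in vulns if v.get("Severity") == s) for s in SEVERITIES}
    detail = ", ".join("%s: %d" % (s, counts[s]) for s in SEVERITIES)
    return "Total: %d (%s)" % (len(vulns), detail)

def ci_gate(report: dict, fail_on=("CRITICAL", "HIGH"), ignore_unfixed: bool = True) -> list:
    """Ids that should fail the pipeline stage: blocking severities that already have a fix.
    Unfixed findings are reported but not blocking by default, since the build cannot resolve them."""
    return sorted(v["VulnerabilityID"] for v in findings(report, fail_on, ignore_unfixed))
```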

Hands-on Labs
cks.kodekloud.com