The virtual construct of a “container” is a normal Linux process at its core that largely runs in isolation from the rest of the system using certain kernel components. This makes containers lighter but more vulnerable than virtual machines (VMs). To reduce this vulnerability to attack, the container runtimes offer a variety of settings whose default values strike a compromise between usability and security.
Archive of posts in year '2020'
The first part of this series demonstrated the use cases and benefits of delivering presentations with reveal.js. They are Docs As Code, and therefore they can be subjected to version management and of course delivered via Continuous Delivery. Furthermore, it demonstrated how Jenkins pipelines can be used to deploy to GitHub Pages, using a concrete example implementation. This article demonstrates additional alternatives for deployment (Sonatype Nexus and Kubernetes), while the general structure of the `Jenkinsfile` remains the same.
In a Kubernetes cluster, everything (nodes, pods, Kubelets, etc.) can communicate with each other by default. If an attacker succeeds in exploiting a security vulnerability in one of the applications, he can easily expand his attack to all underlying systems in the same cluster. You can restrict this vulnerability using the on-board network policy features found in Kubernetes.