Quick Dive into Containers, Kubernetes and Security

Needing to get quickly up to speed with containers, Kubernetes and security for work but have been putting it off for a while? Why do today what you can put off until tomorrow? You’re not alone. Being a security manager, my day-to-day responsibilities sometimes take me away from the need to plan for the future as well as keep up my technical chops. So documenting my quick dive into containers and their application in security kills two birds.

As with any educational pursuit, creating a solid foundation from which to build is the key.  That meant understanding what containers are, why they are needed, the security benefits and some key definitions. So let’s begin.

So what are containers? 

I attempted to google a one word sentence to quickly understand a container; this was fruitless.

After researching for a while, combining numerous results into a simple explanation led to this:

Sponsorships Available

Sponsorships Available

Sponsorships Available

“A common problem is having to worry about running applications, say a web site, on different computing environments that may not have everything to run that site, say a web server and a database. This is done by packaging all of the requirements for your application inside of a single self-contained entity. Everything then runs inside its own custom runtime environment called a container.”

This sounds like normal software that you download and run, but containers go a step further and can be thought of as similar to virtual machines but stripped down. And even better, this can include the networking as well. A very well-known container platform is Docker. They describe the technology as a way to “package software into standardized units for development, shipment and deployment.”

Docker further explains, “A container image is a lightweight, stand-alone, executable package of a piece of software that includes (Read more...)