Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Content provided by Red Hat OpenShift. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Red Hat OpenShift or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to PodCTL - Enterprise Kubernetes
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
A podcast about web design and development.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Android App Addicts - Podnutz
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
TechStuff is a show about technology. And it’s not just how technology works. Join host Jonathan Strickland as he explores the people behind the tech, the companies that market it and how technology affects our lives and culture.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Security: Hosts, Registries, Content and Pipelines
Manage episode 204322901 series 2285897
Content provided by Red Hat OpenShift. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Red Hat OpenShift or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Show: 14
Show Overview: Brian and Tyler talk address some of the many layers of security required in a container environment. This show will be part of a series on container and Kubernetes security. They look at security requirement in the Container Host, Container Content, Container Registry, and Software Build Processes.
Show Notes and News:
- 10 Layers of Container Security
- Google, VMware and Pivotal announced a Hybrid Cloud partnership with Kubernetes
- Google and Cisco announced a Hybrid Cloud partnership with Kubernetes (and more)
- Docker adds support for Kubernetes to DockerEE
- Rancher makes Kubernetes the primary orchestrator
- Microsoft announces new Azure Container Service, AKS
- Oracle announced Kubernetes on Oracle Linux (and some installers)
- Heptio announces new tools
Topic 1 - Let’s start at the bottom of the stack with the security needed on a container host.
- Linux namespaces - isolation
- Linux capabilities and SECCOMP - restrict routes, ports, limiting process calls
- SELinux (or AppArmor) - mandatory access controls
- cGroups - resource management
Topic 2 - Next in the stack, or outside the stack, is the sources of container content.
- Trusted sources (known registries vs. public registries (e.g. DockerHub)
- Scanning the content of containers
- Managing the versions, patches of container content
Topic 3 - Once we have the content (applications), we need a secure place to store and access it - container registries.
- Making a registry highly-available
- Who manages and audits the registry?
- How to scan container within a container?
- How to cryptographically sign images?
- Identifying known registries
- Process for managing the content in a registry (tagging, versioning/naming, etc)
- Automated policies (patch management, getting new content, etc.)
Topic 4 - Once we have secure content (building blocks) and a secure place to store the container images, we need to think about a secure supply chain of the software - the build process.
- Does a platform require containers, or can it accept code? Can it manage secure builds?
- How to build automated triggers for builds? How to audit those triggers (webhooks, etc.)?
- How to validate / scan / test code at different stages of a pipeline? (static analysis, dynamic analysis, etc.)
- How to promote images to a platform? (automated, manual promotion, etc.)
Feedback?
- Email: PodCTL at gmail dot com
- Twitter: @PodCTL
- Web: http://podctl.com
89 episodes
Share
Manage episode 204322901 series 2285897
Content provided by Red Hat OpenShift. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Red Hat OpenShift or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Show: 14
Show Overview: Brian and Tyler talk address some of the many layers of security required in a container environment. This show will be part of a series on container and Kubernetes security. They look at security requirement in the Container Host, Container Content, Container Registry, and Software Build Processes.
Show Notes and News:
- 10 Layers of Container Security
- Google, VMware and Pivotal announced a Hybrid Cloud partnership with Kubernetes
- Google and Cisco announced a Hybrid Cloud partnership with Kubernetes (and more)
- Docker adds support for Kubernetes to DockerEE
- Rancher makes Kubernetes the primary orchestrator
- Microsoft announces new Azure Container Service, AKS
- Oracle announced Kubernetes on Oracle Linux (and some installers)
- Heptio announces new tools
Topic 1 - Let’s start at the bottom of the stack with the security needed on a container host.
- Linux namespaces - isolation
- Linux capabilities and SECCOMP - restrict routes, ports, limiting process calls
- SELinux (or AppArmor) - mandatory access controls
- cGroups - resource management
Topic 2 - Next in the stack, or outside the stack, is the sources of container content.
- Trusted sources (known registries vs. public registries (e.g. DockerHub)
- Scanning the content of containers
- Managing the versions, patches of container content
Topic 3 - Once we have the content (applications), we need a secure place to store and access it - container registries.
- Making a registry highly-available
- Who manages and audits the registry?
- How to scan container within a container?
- How to cryptographically sign images?
- Identifying known registries
- Process for managing the content in a registry (tagging, versioning/naming, etc)
- Automated policies (patch management, getting new content, etc.)
Topic 4 - Once we have secure content (building blocks) and a secure place to store the container images, we need to think about a secure supply chain of the software - the build process.
- Does a platform require containers, or can it accept code? Can it manage secure builds?
- How to build automated triggers for builds? How to audit those triggers (webhooks, etc.)?
- How to validate / scan / test code at different stages of a pipeline? (static analysis, dynamic analysis, etc.)
- How to promote images to a platform? (automated, manual promotion, etc.)
Feedback?
- Email: PodCTL at gmail dot com
- Twitter: @PodCTL
- Web: http://podctl.com
89 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to PodCTL - Enterprise Kubernetes
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
A podcast about web design and development.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Android App Addicts - Podnutz
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
TechStuff is a show about technology. And it’s not just how technology works. Join host Jonathan Strickland as he explores the people behind the tech, the companies that market it and how technology affects our lives and culture.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
