
Panel Discussion: Say Hi to the New Couple in the Town – DockerSlim and Kyverno – Making Your Kubernetes Workloads More Secure!

2022-10-25

Authors: Mritunjay Sharma, Shuting Zhao, Ruhika Bulani


Summary

The panel discussion focuses on the intersection of Kyverno and DockerSlim in making Kubernetes workloads more secure.
  • Containers have become the norm as cloud adoption increases sharply.
  • Developers face challenges in making containers production-ready and secure.
  • Kyverno and DockerSlim are two projects that address these challenges.
  • Kyverno provides policies that act as a contract for shared environments like Kubernetes.
  • DockerSlim helps in minifying container images and automating the creation of AppArmor and SecComp profiles.
  • The combination of Kyverno and DockerSlim makes cluster security management easier and more efficient.

The speakers discuss how containers are nothing but processes running on servers, isolated on top of the Linux kernel but not from it. They highlight the importance of reducing the attack surface and limiting the number of syscalls that a container can access. They explain how DockerSlim helps reduce container size and creates security profiles that filter out unnecessary syscalls. They also emphasize how Kyverno's policies act as a contract for shared environments like Kubernetes, making cluster security management easier and more efficient.
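
As an added illustration (not material from the talk or from either project), this is one way the pairing described above can look in a cluster: a Kyverno ClusterPolicy that rejects Pods without a pod-level seccomp profile, followed by a Pod that references a profile generated by DockerSlim. The policy name, Pod name, image and profile path are constructed placeholders, and the profile file is assumed to have been copied under the kubelet's seccomp directory on each node.

```yaml
# Kyverno policy: every Pod must declare a seccomp profile at pod level.
# "Unconfined" and a missing field are both rejected at admission time.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-seccomp-profile        # constructed name
spec:
  validationFailureAction: Enforce     # block the Pod instead of only auditing
  background: true                     # also report on Pods that already exist
  rules:
    - name: check-pod-seccomp
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: >-
          Pods must set spec.securityContext.seccompProfile.type to
          RuntimeDefault or Localhost.
        pattern:
          spec:
            securityContext:
              seccompProfile:
                type: "RuntimeDefault | Localhost"
---
# A Pod that satisfies the policy by loading a generated profile.
# localhostProfile is resolved relative to the kubelet seccomp directory
# (by default /var/lib/kubelet/seccomp) on the node that runs the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: slim-app                       # constructed name
spec:
  securityContext:
    seccompProfile:
      type: Localhost
      localhostProfile: profiles/slim-app-seccomp.json   # placeholder path
  containers:
    - name: app
      image: registry.example/slim-app:slim              # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
```

Because the pattern checks only the pod-level field, a Pod that sets a profile solely on individual containers is rejected; switching `validationFailureAction` to `Audit` first shows which existing workloads would fail before enforcement is turned on.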

Abstract

Want to minify your container image? Or let's go ahead; ever thought of automating the creation of your container's AppArmor and SecComp profiles? Okay, wait, let us surprise you even more; what if you get all the above and a way to administer their control in the K8s cluster! Yes, you heard it right: unveiling to you the intersection of Kyverno and DockerSlim! This panel by Shuting, Ruhika, and Mritunjay will demonstrate how these two projects are making the lifecycle of the software supply chain more secure. Kyverno's policies leveraged with DockerSlim's combo of minified image and the auto-generated Seccomp profile will make your cluster security management just another YAML chore without you being a Linux syscalls expert!
