mhausenblas
commented
5 years ago This is again an excellent proposal @raesene and I'm wondering if I can talk you into actually contributing to the book, directly? :)
Open raesene opened 5 years ago
mhausenblas
commented
5 years ago This is again an excellent proposal @raesene and I'm wondering if I can talk you into actually contributing to the book, directly? :)
raesene
commented
5 years ago I'd be happy to try and help out :) With things like this I wasn't too sure if you'd want them put directly into the text, so issues seemed like a good bet.
If there's a placeholder for where you'd like stuff I could look at fleshing out this and the capabilities piece as I get time.
mhausenblas
commented
5 years ago ping @raesene … we planned to get a 0.1 out next week, so wondering if you have cycles this week to PR something here. if not, also no problem, was just wondering ;)
raesene
commented
5 years ago Hi,
Got a talk to do on Wednesday so not before then I'd expect. hopefully I'll get some time after that, got a looong flight home at the weekend, so I'll likely be hanging around not doing much, so if I can get wi-fi and power, I'll be able to put something together :)
I'm guessing chapter 2 is where this will be best placed, shall I just add it to the bottom of that section?
mhausenblas
commented
5 years ago Excellent! Yes, wherever you think it makes most sense. Goal for the 0.1 milestone is to have at least a paragraph for each section.
One concept that might be worth introducing in Chapter one is threat models, as a means of helping organizations prioritize their security controls.
So things like the threat model of a hard multi-tenancy Kubernetes cluster is quite different to one that has very few users and runs more trusted applications. Ultimately companies have limited resources, so threat modelling can be quite useful in helping them pick which controls to start with.
A simplified model that I tend to use for container security engagements is
1) External attackers. Pretty much everyone has to worry about them, and most of the controls that are important are around preventing unauthenticated attackers gaining access they shouldn't (so things like dashboard security, kubelet authentication etc)
2) Compromised containers. Where an attacker has already gained unauthorised access to a single container, controls move more to the container network and also include escalation to the node.
3) Malicious Users. If a container orchestration system has to worry about potentially malicious users (e.g in a hard multi-tenancy setup) then things like RBAC and PSP (in Kubernetes land) become much more important.