« Previous 1 2 3 4 5

Keeping container updates under control

Hazardous Goods

Complicated but Possible

Containers are more versatile and complex than their conventional predecessors; moreover, an administrator will typically have an orchestrator to back them up. You might find this extra help annoying, or you might be happy for the help the respective components give you as an admin. Good and reliable security updates for containers require careful planning and good preparation. To avoid falling flat on your face in daily production, an administrator must, above all, have their processes under control. Tools such as Clair help enormously, but are useless without appropriate preparation.

All told, however, the topic of container image security in Kubernetes is currently also not as deeply anchored as you might actually want it to be. OpenShift is the only product that uses Clair as a scanner for potential problems. Vendors need to offer ways and means of automatically inspecting running containers, not only on the basis of some image IDs, but on the basis of the existing containers.

Infos

"A Service Mesh for Microarchitecture Components" by Martin Loschwitz, ADMIN , issue 54, 2019, pg. 28, https://www.admin-magazine.com/Archive/2019/54/A-service-mesh-for-microarchitecture-components
"Keeping the Software in Docker Containers Up to Date" by Martin Loschwitz, ADMIN , issue 46, 2018, pg. 52, https://www.admin-magazine.com/Archive/2018/46/Keeping-the-software-in-Docker-containers-up-to-date
Rolling Updates in Kubernetes: https://kubernetes.io/docs/tutorials/kubernetes-basics/update/update-intro/
@IE"

The Author

Freelance journalist Martin Gerhard Loschwitz focuses primarily on topics such as OpenStack, Kubernetes, and Ceph.

« Previous 1 2 3 4 5

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES

SUBSCRIPTIONS

Print Subs

Digisubs

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia

Related content

Tools for testing container vulnerability
Vulnerable software and incorrect settings cause problems, but administrators have some tools at hand that can help with container security.

more »
Keeping the software in Docker containers up to date
Docker has radically changed the way admins roll out their software in many companies. However, regular updates are still needed. How does this work most effectively with containers?

more »
When are Kubernetes and containers not a sensible solution?
As the major Linux distributors increasingly lean toward containers, many administrators have come to realize that containers are by no means a panacea for all their problems.

more »
Safeguard and scale containers
Security, deployment, and updates for thousands of nodes prove challenging in practice, but with CoreOS and Kubernetes, you can orchestrate container-based web applications in large landscapes.

more »
Create secure simple containers with the systemd tools Nspawnd and Portabled
Systemd comes with two functions for container management that allow many programs to run more securely through isolation.

more »

comments powered by Disqus

Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
</a>

<hr>
</div>
</div>

<div class=