Keeping container updates under control
Hazardous Goods
Complicated but Possible
Containers are more versatile and complex than their conventional predecessors; moreover, an administrator will typically have an orchestrator to back them up. You might find this extra layer annoying, or you might welcome the help the respective components give you as an admin. Either way, good and reliable security updates for containers require careful planning and good preparation. To avoid falling flat on your face in daily production, an administrator must, above all, have their processes under control. Tools such as Clair help enormously, but they are useless without appropriate preparation.
All told, however, container image security is currently not as deeply anchored in Kubernetes as you might want it to be. OpenShift is the only product that uses Clair as a scanner for potential problems. Vendors need to offer ways and means of automatically inspecting running containers, not only on the basis of some image IDs, but on the basis of the containers that actually exist.