I have a further option for the chapter "Running Containers Securely". On the one hand, you can guarantee a certain level of security with a pod security policy, and on the other, you can invert the defaults.
Karydia is a security add-on to Kubernetes to help with good security practices by inverting insecure Kubernetes defaults. Defaults are not enough!
Karydia inverts the following insecure defaults:
- Unmount service account token
- Restrict system calls by adding a seccomp profile
- Run with minimal privileges by adding a non-root user
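
The following added example (not part of the issue and not Karydia's code) checks a Pod spec for the three defaults listed above, including the case where a container-level `securityContext` overrides a hardened pod-level one. The function names and both sample manifests are constructed for illustration, and it assumes the `securityContext.seccompProfile` field rather than the older seccomp annotations.

```python
# Added example: audit a Pod spec (a dict, e.g. parsed from YAML) for the
# three defaults listed above. Function names and manifests are constructed.

def effective(container, pod_spec, key):
    """Container-level securityContext overrides the pod-level value."""
    pod_sc = pod_spec.get("securityContext", {})
    return container.get("securityContext", {}).get(key, pod_sc.get(key))

def audit_pod(pod_spec):
    findings = []
    # 1. The token is mounted unless the pod (or its ServiceAccount) opts out.
    if pod_spec.get("automountServiceAccountToken") is not False:
        findings.append("pod: service account token not explicitly unmounted")
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        # 2. With no profile set, syscalls are unfiltered unless the node
        #    is configured with its own default.
        profile = effective(c, pod_spec, "seccompProfile") or {}
        if profile.get("type") in (None, "Unconfined"):
            findings.append(f"{name}: no seccomp profile")
        # 3. With no runAsUser, the image's user applies, which is often root.
        uid = effective(c, pod_spec, "runAsUser")
        non_root = effective(c, pod_spec, "runAsNonRoot")
        if uid == 0 or (uid is None and non_root is not True):
            findings.append(f"{name}: may run as root")
    return findings

# Constructed sample: a pod that relies entirely on the defaults.
DEFAULT_POD = {"containers": [{"name": "app", "image": "example/app:1.0"}]}

# Constructed sample: hardened at pod level, but one container overrides the UID.
HARDENED_POD = {
    "automountServiceAccountToken": False,
    "securityContext": {
        "seccompProfile": {"type": "RuntimeDefault"},
        "runAsNonRoot": True,
        "runAsUser": 65534,
    },
    "containers": [
        {"name": "app", "image": "example/app:1.0"},
        {"name": "debug", "image": "example/debug:1.0",
         "securityContext": {"runAsUser": 0}},
    ],
}

if __name__ == "__main__":
    for label, spec in (("default", DEFAULT_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(spec))
```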