The weakest link There is a saying that “a chain is as strong as its weakest link”. One of the proverbial “links” in a Kubernetes deployed application is the container inside which the application is running. But how does the container impact the way the application is deployed and the way it operates on a …
Continue reading "Container design for Kubernetes" →
The following Linux capabilities describe how unprivileged processes (including those running in containers with a UID and GID of non-zero) these capabilities are per-thread capabilities and the allow an unprivileged process perform certain actions, pending permissions.
This document describes the different capabilities – their meaning and things to lookout for when deploying them on a production cluster.
Continue reading "Kubernetes container security – Linux capabilities" →
This document aims to depict the main guidelines when producing, storing, testing and using programming products and making sure the outcome of every run on every Kubernetes cluster will be identical.
Continue reading "Technical Artifacts considerations K8S aspects" →