Seattle, WA
December 10–13, 2018
Thursday, December 13 • 1:45pm - 2:20pm
Security Considerations for Container Runtimes - Daniel Walsh, Red Hat

Explains and demonstrates using Kubernetes with different security features for your container environment.

General Concept
- Run containers without root, period
- Take advantage of all security features the host provides

Configuring CRI-O:
- Run containers with read-only images
- Limit the Linux capabilities running within your container
- Set up container storage to modify the storage options in a more secure manner
- Configure alternative OCI runtimes (Kata, gVisor and Nabla) to run locked-down containers

Building images with security in mind:
- Limit packages/attack surface of container images
- Build container images within a locked-down Kubernetes container

Advances in User Namespaces
- Demonstrate running each container with a different User Namespace
- Configure the system to take advantage of user namespace container separation without taking a drastic speed hit

And many more...

Daniel Walsh

Senior Distinguished Engineer, Red Hat
Daniel Walsh has worked in the computer security field for over 30 years. Dan is a Consulting Engineer at Red Hat. He joined Red Hat in August 2001. Dan has led the Red Hat Container Engineering team since August 2013, but has been working on container tec

Thursday December 13, 2018 1:45pm - 2:20pm
4C 1/2