This is part of my live blogging from QCon 2015. See my QCon table of contents for other posts.
Risks
- Escalation of privileges
- Image integrity
- Unpatched containers
- Any others – see Docker presentation
Need to prevent
- “good” containers calling you accidentally
- “good” containers calling you without your permission
- “bad” containers calling you
A production-only workflow is an anti-pattern. Network security isn't enough.
DevOps is about velocity. Security and Risk Management can put on the brakes.
Pod surrounds separation of concerns. Each actor (security, dev, etc.) has its own space.
Can organize containers into layers
At an event, you can have a ticket in advance or use "will call", where you show ID. The latter is like dynamic tokens.
Use host factory when provisioning
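To make the "will call" analogy and the "need to prevent" list above concrete, here is an added example (my own illustration, not code from the talk or from any vendor's product) of a hypothetical host factory: provisioning issues a short-lived, single-use enrollment token; the new host redeems it once for its own long-lived API key and joins a layer; a policy object then decides which layers may call which resources. The class and method names, the layer/resource strings and the clock injection are all assumptions made for the example.

```python
import hmac
import secrets
import time


class Policy:
    """Hypothetical policy store: who is enrolled and what each layer may do."""

    def __init__(self):
        self.hosts = {}      # host_id -> (layer, api_key)
        self.grants = set()  # (layer, resource, privilege)

    def grant(self, layer, resource, privilege):
        self.grants.add((layer, resource, privilege))

    def authenticate(self, host_id, api_key):
        """Constant-time check of a host's long-lived credential."""
        record = self.hosts.get(host_id)
        if record is None:
            return False
        return hmac.compare_digest(record[1], api_key)

    def authorize(self, host_id, api_key, resource, privilege):
        """True only for an enrolled host whose layer holds the privilege.
        Unenrolled ("bad") callers fail authenticate(); enrolled ("good")
        callers in the wrong layer, or without a grant, fail the lookup."""
        if not self.authenticate(host_id, api_key):
            return False
        layer = self.hosts[host_id][0]
        return (layer, resource, privilege) in self.grants


class HostFactory:
    """Hypothetical host factory for one layer: hands out "will call" tokens
    that a freshly provisioned host exchanges once for its own identity."""

    def __init__(self, policy, layer, now=time.time):
        self.policy = policy
        self.layer = layer     # layer (group of hosts) enrolled hosts join
        self.now = now         # clock is injectable so expiry can be tested
        self._tokens = {}      # token -> [expiry_time, remaining_uses]

    def issue_token(self, ttl_seconds=300, max_uses=1):
        """Provisioning calls this just before bringing up a host."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = [self.now() + ttl_seconds, max_uses]
        return token

    def redeem(self, token, host_id):
        """The new host presents the token and receives its API key.
        Raises PermissionError for unknown, consumed or expired tokens."""
        entry = self._tokens.get(token)
        if entry is None:
            raise PermissionError("unknown or already consumed token")
        if self.now() > entry[0]:
            del self._tokens[token]
            raise PermissionError("token expired")
        entry[1] -= 1
        if entry[1] <= 0:
            del self._tokens[token]  # single-use: nothing left to replay
        api_key = secrets.token_hex(32)
        self.policy.hosts[host_id] = (self.layer, api_key)
        return api_key


def try_redeem(factory, token, host_id):
    """Convenience wrapper: the API key on success, None on rejection."""
    try:
        return factory.redeem(token, host_id)
    except PermissionError:
        return None


if __name__ == "__main__":
    policy = Policy()
    policy.grant("app/web", "db/orders", "read")
    web = HostFactory(policy, "app/web")
    token = web.issue_token(ttl_seconds=60)
    key = web.redeem(token, "web-1")
    print("web-1 may read db/orders:",
          policy.authorize("web-1", key, "db/orders", "read"))
    print("replaying the token:", try_redeem(web, token, "web-2"))
```

The three failure modes from the talk's list map directly onto the checks: a container that was never enrolled has no record in `Policy.hosts`; an enrolled container in a layer with no grant is refused even though its credential is valid; and a container that obtained a token by accident cannot use it a second time or after the TTL. In a real system the token and API key would be delivered over an authenticated channel and the policy store would be external, which this toy omits.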
Impressions: the original speaker is sick and the substitute has been at the company five weeks. I wouldn't have known if he hadn't mentioned it. I think I don't know enough about containers though, because some of this went over my head.