User Namespaces in Kubernetes: Security and Flexibility – Pick Both – David Leadbeater, G-Research

Kubernetes has not made use of user namespaces, despite the fact that Linux has supported them for around 10 years. This is changing: in Kubernetes 1.30, user namespaces will become a beta feature. Users will begin to benefit from the increased security and flexibility they offer if they adopt several simple practices. This presentation will introduce the concepts, such as Linux namespaces, that make containers possible on Linux. It will explain what user namespaces are and demonstrate how they can help mitigate a recently discovered vulnerability in the container ecosystem. Finally, it will demonstrate the flexibility of user namespaces by running Docker inside a container without using “privileged” mode, as some common “Docker-in-Docker” approaches do.

by CNCF [Cloud Native Computing Foundation]
