Certified Kubernetes Security Specialist (CKS) Preparation Part 7 — Supply Chain Security

  • Light-weight Image as base
  • Multi-stage Build
  • Use specific package versions
  • Do not run as root
  • Make file system read only
  • Remove shell access
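
The six practices above combined in one Dockerfile, as an added example that is not code from the original article. It assumes a single-file Go program named app.go in the build context; the image tags, user name and paths are illustrative choices.

```dockerfile
# Added example (constructed for illustration, not from the original article).
# Assumption: the build context contains a single-file Go program, app.go.

# --- Stage 1: build -------------------------------------------------------
# Multi-stage build: compiler and sources stay here and never reach the
# final image. The base tag is pinned to an exact version, never :latest.
FROM golang:1.21.6-alpine3.19 AS build
WORKDIR /src
COPY app.go .
# Static binary, so the runtime stage needs no extra libraries or packages.
RUN CGO_ENABLED=0 go build -o /app app.go

# --- Stage 2: runtime -----------------------------------------------------
# Light-weight base image, again pinned to a specific version.
FROM alpine:3.19.1

# Use specific package versions: if a package is ever needed here, pin it,
# e.g. apk add --no-cache <package>=<exact-version>, so rebuilds stay
# reproducible and scan results stay comparable.

# Make file system read only: drop write permission on system configuration.
RUN chmod a-w /etc

# Do not run as root: create a dedicated unprivileged user and group.
RUN addgroup -S appgroup && adduser -S appuser -G appgroup -h /home/appuser

# Remove shell access: delete the shell and busybox tools. This must be the
# last RUN instruction, because later RUN steps would have no shell left.
RUN rm -rf /bin/*

# COPY, USER and ENTRYPOINT (exec form) do not need a shell.
COPY --from=build /app /home/appuser/app
USER appuser
ENTRYPOINT ["/home/appuser/app"]
```

`chmod a-w /etc` only protects one directory inside the image; to make the whole root file system read-only at runtime, set `readOnlyRootFilesystem: true` in the container's `securityContext` in the Pod spec.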
docker run ghcr.io/aquasecurity/trivy:latest image nginx
docker run ghcr.io/aquasecurity/trivy:latest image nginx | grep CRITICAL
- kubectl get pods -n kube-system | grep api
- kubectl get pods kube-apiserver-cks-master -n kube-system -o yaml | grep image
docker run ghcr.io/aquasecurity/trivy:latest image k8s.gcr.io/kube-apiserver:v1.20.2
sudo nano /etc/kubernetes/manifests/kube-apiserver.yaml
Error from server (Forbidden): pods "test" is forbidden: Post "https://xxxx:xxxx/xxxx?timeout=30s": dial tcp:....

Jonathan


Learning new things about Kubernetes every day. Hopefully, the learning notes could help people on the same journey!