Mastering Docker orchestration - linux.conf.au · 2018-01-22
WHO AM I?
Alistair Chapman
agc93
Information Security Engineer @ Red Hat
Microsoft MVP
Walking, talking case of impostor syndrome
THE PLAN (OR HOWEVER MUCH I CAN FIT IN 15 MINUTES)
Monitoring container workloads
Adapting your processes
Securing your containers
Building a solution
MONITORING CONTAINERS
SCALE YOUR MONITORING WITH YOUR WORKLOADS
You're not monitoring a few servers anymore!
Get your host ↔ app balance right
Identify your "bridging"/interface points
Herd those cats!
IMPROVE YOUR RESPONSE TOOLKIT
The same tools and processes don't apply to containers!
Know how to make the most of Docker
Be wary of reliance on documentation
Prepare for each layer of the stack
SECURE YOUR CLOUD
This should be a basic requirement
Assume everyone's out to get you
Don't implicitly trust third-party apps
SECURE YOUR CLOUD
Behavioural monitoring
Standard network-based detection
Proper user controls and RBAC
API activity (including baselining)
Platform access controls
BUILDING YOUR SOLUTION
PRO-TIP: IT'S NOT DOCKER
The answer isn't Docker
or Kubernetes, or OpenShift
Containers are not a turn-key solution
Build a stack around both sides of your infrastructure