Problem:
- Kubernetes service type LoadBalancer (targets all worker nodes)
Solution:
- https://github.com/zalando-incubator/kube-ingress-aws-controller
- CUSTOM_FILTERS
- security
- Container Registry Management
- Immutability
Image credit: Aquasec
“One of the characteristics of containers is that they’re very predictable, or they should be. This allows you to do security in a more predictable, automated way.” - John Morello, CTO Twistlock
- Admission hooks to only run allowed images
- Process whitelisting in containers
- Binary whitelisting
- Node protection
- RBAC with least privilege approach
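The "admission hooks to only run allowed images" bullet, together with the "Immutability" bullet above it, can be shown in working code. The following is an added example, not material from the slides or from any of the projects they mention: the decision logic of a Kubernetes ValidatingAdmissionWebhook that admits a Pod only when every container image comes from an allow-listed registry and is pinned by sha256 digest. The registry names, the AdmissionReview document and the UID are constructed sample values; the HTTP server that would receive the API server's POST is left out so the logic runs stand-alone.

```python
# Added example (not from the original slides): admission decision logic that
# enforces an image registry allow-list plus digest pinning (immutability).
# Registry names and the sample AdmissionReview are constructed assumptions.
import json
import re

# Hypothetical trusted registries; a real deployment would load these from config.
ALLOWED_REGISTRIES = ("registry.example.internal/", "ghcr.io/example-org/")

# An immutable OCI reference ends in @sha256:<64 hex characters>.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def image_violations(image: str) -> list[str]:
    """Return the reasons an image reference is not acceptable (empty if OK)."""
    reasons = []
    if not image.startswith(ALLOWED_REGISTRIES):
        reasons.append(f"{image}: registry not in allow-list")
    if not DIGEST_RE.search(image):
        reasons.append(f"{image}: not pinned by sha256 digest")
    return reasons


def pod_violations(pod: dict) -> list[str]:
    """Check every initContainer and container image in a Pod object."""
    spec = pod.get("spec", {})
    reasons = []
    for field in ("initContainers", "containers"):
        for container in spec.get(field, []):
            reasons.extend(image_violations(container.get("image", "")))
    return reasons


def review(admission_review: dict) -> dict:
    """Build the AdmissionReview response for one incoming request.

    Only Pod objects are inspected; other kinds are admitted unchanged, so the
    webhook should be registered for Pod CREATE/UPDATE operations only.
    """
    req = admission_review["request"]
    reasons = []
    if req.get("kind", {}).get("kind") == "Pod":
        reasons = pod_violations(req.get("object", {}))
    response = {"uid": req["uid"], "allowed": not reasons}
    if reasons:
        # The message is surfaced to the user who ran kubectl apply.
        response["status"] = {"code": 403, "message": "; ".join(reasons)}
    return {
        "apiVersion": admission_review["apiVersion"],
        "kind": "AdmissionReview",
        "response": response,
    }


# Constructed sample request: one compliant image and one that breaks both rules.
GOOD_IMAGE = "registry.example.internal/app@sha256:" + "a" * 64
BAD_IMAGE = "docker.io/library/nginx:latest"
SAMPLE_REQUEST = {
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "request": {
        "uid": "00000000-0000-0000-0000-000000000001",  # constructed
        "kind": {"group": "", "version": "v1", "kind": "Pod"},
        "object": {
            "spec": {
                "containers": [
                    {"name": "app", "image": GOOD_IMAGE},
                    {"name": "sidecar", "image": BAD_IMAGE},
                ]
            }
        },
    },
}

if __name__ == "__main__":
    # The sidecar image is rejected for two reasons, so the Pod is denied.
    print(json.dumps(review(SAMPLE_REQUEST), indent=2))
```

Denying on missing digests is what makes the "Immutability" bullet enforceable: a tag such as `latest` can be repointed in the registry after review, while a digest cannot. In production the same function would sit behind a TLS endpoint referenced from a ValidatingWebhookConfiguration, and the registry list would be treated as security-sensitive configuration under the same RBAC as the webhook itself.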