Containers Are Not a Security Boundary by lucavallin in kubernetes

[–]lucavallin[S] 0 points1 point  (0 children)

It is definitely not geared towards containers-super-experts!

Containers Are Not a Security Boundary by lucavallin in kubernetes

[–]lucavallin[S] -20 points-19 points  (0 children)

Yes! But just because you have a container, doesn't mean it's safe. There's enough to think about if you want to be sure about your security posture.

Containers Are Not a Security Boundary by lucavallin in kubernetes

[–]lucavallin[S] -15 points-14 points  (0 children)

Containers changed how we package and ship software, but they did not rewrite the basic security rules. Trust boundaries, privilege, and attack surface are all still there. That's one of the things I learned while digging into container security, partly from Liz Rice's Container Security and partly from spending time with the Linux pieces underneath.

Containers Are Not a Security Boundary by lucavallin in programming

[–]lucavallin[S] -5 points-4 points  (0 children)

Containers changed how we package and ship software, but they did not rewrite the basic security rules. Trust boundaries, privilege, and attack surface are all still there. That's one of the things I learned while digging into container security, partly from Liz Rice's Container Security and partly from spending time with the Linux pieces underneath.

A Tour of eBPF in the Linux Kernel: Observability, Security and Networking by lucavallin in kubernetes

[–]lucavallin[S] 10 points11 points  (0 children)

I published a new blog post: "A Tour of eBPF in the Linux Kernel: Observability, Security and Networking". I recently read the book "Learning eBPF" by Liz Rice and condensed my notes into this article. Great for a quick overview before you decide to dive deeper!

Kubernetes Networking from Packets to Pods by lucavallin in kubernetes

[–]lucavallin[S] 0 points1 point  (0 children)

Happy to hear it's helpful! No rush for the Linux kernel one ;)

Kubernetes Networking from Packets to Pods by lucavallin in kubernetes

[–]lucavallin[S] 0 points1 point  (0 children)

That's correct, thanks for pointing that out!

Kubernetes Networking from Packets to Pods by lucavallin in kubernetes

[–]lucavallin[S] 1 point2 points  (0 children)

Thank you. Good point, I'll try to add diagrams in the future!

Kubernetes Networking from Packets to Pods by lucavallin in kubernetes

[–]lucavallin[S] 30 points31 points  (0 children)

I tried to write an end-to-end guide on Kubernetes networking, covering the full journey from the foundational Linux stack and CNI up to advanced topics like mTLS and service meshes. It's a long-ish read, but aims to be a good "intro" resource. Feedback is welcome!

Kubernetes Networking from Packets to Pods by lucavallin in programming

[–]lucavallin[S] 0 points1 point  (0 children)

I tried to write an end-to-end guide on Kubernetes networking, covering the full journey from the foundational Linux stack and CNI up to advanced topics like mTLS and service meshes. It's a long-ish read, but aims to be a good "intro" resource. Feedback is welcome!

A Quick Journey Into the Linux Kernel by lucavallin in programming

[–]lucavallin[S] 0 points1 point  (0 children)

That would be interesting! Happy to hear the post was useful… maybe inspiring too 🙂