Container Security, with Michele Chubirka
Oct 15, 2024
Michele Chubirka, a Cloud Security Developer Advocate at Google, joins Anton Chuvakin for a deep dive into container security. They debunk myths about container isolation, discuss how the security properties of virtual machines and containers differ, and emphasize trust boundaries within Kubernetes. The conversation highlights the importance of proactive security practices and the potential of WebAssembly to reduce attack surfaces. They also tackle developer challenges in containerized environments, sharing insights on dependency management and the evolving landscape of cloud-native security.
AI Snips
VM vs. Container Security
- VMs and containers have different security implications depending on the organizational context.
- Secure infrastructure for VMs doesn't translate to container security.
Container Segregation
- Michele Chubirka prefers the term "segregation" over "isolation" for containers because they share the host kernel.
- She emphasizes careful organization and resource hierarchies based on trust boundaries.
System Container Security
- Abdel Sghiouar points out that system containers, like those in the control plane, also pose security risks.
- Chubirka suggests separating control plane components into different clusters for better security management.