Containers

Docker | Kubernetes - Beginners | Intermediate | Advanced

Docker

Docker Commands Cheat Sheet
Docker for beginners
Docker Commands
Build Tiny VMs from docker
CLI tools for maintaining Docker containers
Make Lifecycle hooks for Docker Containers

Podman:
Podman Docker without root
Podman Desktop

Dockerfile

Tips:
1. Copy application files last so the earlier, rarely changing layers stay cached
2. Copy only the files the image actually needs
3. Install packages and clean the apt cache in the same RUN layer, so the package lists never land in the image:
   RUN apt-get update && apt-get -y install --no-install-recommends openjdk-8-jdk && rm -rf /var/lib/apt/lists/*

Docker Daemon

https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html

Signing Containers

https://github.com/sigstore/cosign

Kubernetes

Kubernetes CLI manager
lightweight Kubernetes for Pis

Hardening Guide:
1. Close unused ports
2. Enable the NodeRestriction admission plugin to limit which API objects a given node is allowed to modify
3. Don't allow anonymous requests
4. Avoid exposing the API server to the internet.
5. Set up the pod-level securityContext (PodSecurityContext):
- Set runAsNonRoot: true
- Configure runAsUser
- Restrict permissions with seLinuxOptions and seccompProfile
- Do NOT grant privileged group membership via runAsGroup or supplementalGroups
6. Container-level securityContext:
- allowPrivilegeEscalation: false
- Drop the capabilities you don't need
- privileged: false
- readOnlyRootFilesystem: true (if possible)
- Set runAsNonRoot: true and set a runAsUser
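The following Pod manifest is an added example (not from the original notes) that puts steps 5 and 6 of the hardening guide into one place. The pod name, the UID/GID 10001, the SELinux MCS level and the image reference are constructed placeholders; the field names are the real Kubernetes securityContext fields.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: hardened-example          # constructed name for this example
spec:
  securityContext:                # pod-level PodSecurityContext (step 5)
    runAsNonRoot: true            # kubelet refuses to start a container that would run as UID 0
    runAsUser: 10001              # arbitrary unprivileged UID chosen for this example
    runAsGroup: 10001             # unprivileged primary GID; never 0 or a privileged group
    supplementalGroups: [10001]   # no extra group memberships beyond the unprivileged one
    seccompProfile:
      type: RuntimeDefault        # the container runtime's default syscall filter
    seLinuxOptions:
      level: "s0:c123,c456"       # constructed MCS level; omit on hosts without SELinux
  containers:
  - name: app
    image: registry.example.com/app:1.0.0   # placeholder image reference
    securityContext:              # container-level SecurityContext (step 6)
      allowPrivilegeEscalation: false   # no setuid binaries or file capabilities gain privilege
      privileged: false
      readOnlyRootFilesystem: true      # writes must go to an explicit volume
      runAsNonRoot: true
      runAsUser: 10001
      capabilities:
        drop: ["ALL"]             # start from zero; add back only what the app needs
    volumeMounts:
    - name: tmp
      mountPath: /tmp             # writable scratch space because the root filesystem is read-only
  volumes:
  - name: tmp
    emptyDir: {}
```

Validate it against the cluster's admission controllers before relying on it, for example with `kubectl apply --dry-run=server -f pod.yaml`; if the namespace enforces the Pod Security Admission "restricted" level, a manifest with these settings is accepted, and removing any of the container-level fields makes the rejection message show which control it violates.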

CLI tools

minikube is local Kubernetes, focusing on making it easy to learn and develop for Kubernetes.
kind is a tool for running local Kubernetes clusters using Docker container “nodes”.

RasPI Cluster

https://2byt.es/post/bantamcloud/02-configure/

Security

Best Practices For Container Environments

Kubernetes:
9 Kubernetes Security Best Practices
Kube-hunter hunts for security weaknesses in Kubernetes clusters
Test Kubernetes for security best practices

Docker:
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
Docker Security Cheat Sheet