Thought I’d share some of this: a few weeks’ worth of trial & error (and heartburn).
Software containerization is a technology you keep running into when building distributed #systems or micro-service architectures.
Containerization has reached critical mass in the cloud, and now it seems like the Edge is its next target. The usual breadcrumbs of info scattered across the internet (Docker docs etc.) are just duct tape, i.e.:
• Use minimal base images (this is actually terrific advice)
• Don’t use SSH from within your container
• Don’t use root in your container
but I realized the root of the problem isn’t being addressed. So I applied some of our good old security paradigms/principles
Security Paradigms:
• Defense in Depth
• Least Privilege
to deal with pretty much (95%) of the possible #attack surface:
• Shared Kernel Exploits
• Resource Exhaustion – #DoS attacks
• Container Breakouts
• Poisoned Images
• Secrets Leakage
And so I did and came up with this.
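As an added example (not the author's result and not code from the original post), one way to apply least privilege and defense in depth is to audit a container's `docker inspect` output against the five attack-surface items listed above. The sample record, the `audit` function and the secret-name pattern are assumptions made for illustration.

```python
import re

# Constructed sample shaped like one entry of `docker inspect <container>` output.
SAMPLE = {
    "Config": {"Image": "nginx:latest", "User": "",
               "Env": ["PATH=/usr/bin", "DB_PASSWORD=constructed-value"]},
    "HostConfig": {"Privileged": False, "CapDrop": None, "Memory": 0,
                   "PidsLimit": None, "SecurityOpt": None,
                   "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
}
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def audit(inspect):
    """Return {attack-surface category: [findings]} for one container."""
    cfg, host = inspect.get("Config") or {}, inspect.get("HostConfig") or {}
    sec_opts = host.get("SecurityOpt") or []
    cap_drop = [c.upper() for c in host.get("CapDrop") or []]
    findings = {}
    def flag(category, message):
        findings.setdefault(category, []).append(message)

    # Shared kernel: limit the capabilities and syscalls the container can reach.
    if "ALL" not in cap_drop:
        flag("shared kernel exploits", "capabilities not dropped (--cap-drop=ALL)")
    if "seccomp=unconfined" in sec_opts:
        flag("shared kernel exploits", "seccomp filtering disabled")
    if not any(o.startswith("no-new-privileges") for o in sec_opts):
        flag("shared kernel exploits", "no-new-privileges not set")
    # Resource exhaustion: 0/None/-1 mean "unlimited" for these cgroup limits.
    if (host.get("Memory") or 0) <= 0:
        flag("resource exhaustion", "no memory limit (--memory)")
    if (host.get("PidsLimit") or 0) <= 0:
        flag("resource exhaustion", "no PID limit (--pids-limit)")
    # Breakouts: privileged mode, root user, or host Docker socket mounted inside.
    if host.get("Privileged"):
        flag("container breakouts", "runs with --privileged")
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        flag("container breakouts", "runs as root (no --user)")
    if any(b.split(":")[0] == "/var/run/docker.sock" for b in host.get("Binds") or []):
        flag("container breakouts", "host Docker socket is bind-mounted")
    # Poisoned images: a mutable tag can be repointed; a digest cannot.
    if "@sha256:" not in (cfg.get("Image") or ""):
        flag("poisoned images", "image not pinned by digest")
    # Secrets leakage: env vars are visible via inspect; report names only.
    for entry in cfg.get("Env") or []:
        name = entry.split("=", 1)[0]
        if SECRET_NAME.search(name):
            flag("secrets leakage", f"secret-looking env var: {name}")
    return findings
```

Calling `audit(SAMPLE)` returns findings under all five categories; a container that passes every check returns an empty dict.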