Nice talk on modern K8s and container security tips by Google's Samuel Davidson:
The highlight for me:
Using “distro-less” base images seems like a recommendation that's easy to do and would help make post-exploitation harder.
Samuel has put all his recommendations in this doc.
Other resources I've come across lately:
- Sysdig's “SELinux, Seccomp, Sysdig Falco, and you: A technical discussion” article.
- Jessie's “Setting the Record Straight: containers vs. Zones vs. Jails vs. VMs” article.
- Jessie's “Security in a containerized world” presentation.
- Microsoft's “Threat matrix for Kubernetes” article.