A layered approach to container and Kubernetes security

Find out what you need to know about implementing a layered approach to container and Kubernetes security. Download the details today.

Containers have garnered broad appeal through their ability to package an application and its dependencies into a single image that can be promoted from development, to test, and to production. Containers make it easy to ensure consistency across environments and across multiple deployment targets like physical servers, virtual machines (VMs), and private or public clouds. With containers, teams can more easily develop and manage the applications that deliver business agility.

When managing container deployment at scale, you need to consider:

  • Which containers should be deployed to which hosts?
  • Which host has more capacity?
  • Which containers need access to each other and how will they discover each other?
  • How do you control access to and management of shared resources such as network and storage?
  • How do you monitor container health?
  • How do you automatically scale application capacity to meet demand?
  • How do you enable developer self-service while also meeting security requirements?

Building security into your applications is critical for cloud-native deployments. Securing your containerized applications requires that you:

  1. Use trusted container content.
  2. Use an enterprise container registry.
  3. Control and automate building containers.
  4. Integrate security into the application pipeline.

Effective security of your deployment includes securing the Kubernetes platform as well as automating deployment policies. Red Hat OpenShift includes the following capabilities out of the box:

  1. Platform configuration and life cycle management.
  2. Identity and access management.
  3. Securing platform data and attached storage.
  4. Automated policy-based deployment.

Beyond infrastructure, maintaining application security is critical. Securing your containerized applications requires:

  1. Container isolation.
  2. Application and network isolation.
  3. Securing application access.
  4. Observability.

Deploying container-based applications and microservices is not just about security. Your container platform needs to provide an experience that works for your developers and your operations team. You need a security-focused, enterprise-grade, container-based application platform that empowers developers and operators without compromising the functions needed by each team, while also improving operational efficiency and infrastructure utilization. 

Red Hat OpenShift is built on a core of standard and portable Linux containers that deliver built-in security features, including:

  • Integrated build and CI/CD tools for secure DevOps practices.
  • Hardened, enterprise-ready Kubernetes with built-in platform configuration, compliance, and lifecycle management.
  • Strong RBAC with integrations to enterprise authentication systems.
  • Options for managing cluster ingress and egress.
  • Integrated SDN and service mesh with support for network microsegmentation.
  • Support for securing remote storage volumes.
  • Red Hat Enterprise Linux CoreOS, optimized for running containers at scale with strong isolation.
  • Deployment policies to automate runtime security.
  • Integrated monitoring, audit, and logging.
