Hello Bret, your videos and educational materials are underrated. As an infra/security engineer who's been working deeply with Kubernetes & containers for the past 6 years, I continue to learn new things from your channel. Thank you for all the work you do to share knowledge with the community.
@BretFisher2 жыл бұрын
Wow, thanks!
@mitchharpur2 жыл бұрын
Great session. Thank you for the effort to explain the details
@archemedes34512 жыл бұрын
YES! It's that you share not just the "what" but the "why". 👍
@BretFisher2 жыл бұрын
My pleasure!
@RAHUL841991 Жыл бұрын
Thanks , really helpful
@maksimbakalo11832 жыл бұрын
Thanks, Bret, awesome video, watched it twice and will use it as a reference. Please do more k8s security videos.
@BretFisher2 жыл бұрын
Great, I wanted it to be a quick reference for all the pod sec things :)
@dineshkumarprajapati53552 жыл бұрын
Hello Bret, thanks for detailed information about pod defaults. I have a question, can we set readinessProbe in cronjob?
@BretFisher2 жыл бұрын
Yes you can!
@mozhago82802 жыл бұрын
Hi Bret, Great session as usual. I see that u did mention Apparmor and Selinux to restrict the pod access to OS resources. Do u think seccomp profile eleminates the need for such things. Thanks
@BretFisher2 жыл бұрын
If you have the non-root stuff, and seccomp default profile enabled, then there is overlap between those and what AppArmor and SELinux does, but it's not 1-for-1, and I'm not smart enough to do a line-by-line comparison. It's really up to if you want to use a custom profile for your app, and then just pick a tool to do it in. AppArmor (apt/ubuntu) and SELinux (Red Hat) tend to be easier to use than seccomp or manually removing kernel capabilities, IMO. For some apps like NGINX, Apache, MySQL, you might find pre-created profiles you can manually apply to those pods for a much tighter security profile. At that point it doesn't matter which method you use, as long as it works on that host.
@dineshkumarprajapati53552 жыл бұрын
Hello Bret, I am running 5 different crons and each have different schedule time. Like 1st run every 4 minute, 2nd run every 10 minutes, 3rf run every 15 minutes, 4th run every 20 minutes and last 5th one every 45 minutes. When I start these crons, these run flawless but I found one issue is that these all crons restart after every hour. Means last cron which runs every 45 minutes got terminated in second iteration after 15 minutes (45+15) I'm using AWS EKS cluster. Can you please let me know what's causing this unusual behaviour of the crons. Thanks in advance
@BretFisher2 жыл бұрын
I've never seen that issue before, and it doesn't sound like a normal Kubernetes behavior. I recommend reaching out to AWS support, as it sounds like an issue with your EKS.