
Running Containers Securely by Default

Open CodeClinch opened this issue 6 years ago • 0 comments

I have a further option for the chapter "Running Containers Securely". On the one hand, you can guarantee a certain level of security with pod security policy and on the other you can invert the defaults.

Karydia is a security add-on to Kubernetes to help with good security practices by inverting insecure Kubernetes defaults. Defaults are not enough!

Karydia inverts the following insecure defaults:

  • Unmount service account token
  • Restrict system calls by adding a seccomp profile
  • Run with minimal privileges by adding a non-root user

https://github.com/karydia/karydia

CodeClinch, Aug 05 '19 07:08
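An added example, not part of the original issue and not Karydia's code: a Python check that reports which of the three defaults listed in the issue a pod spec still leaves in place. The field names are those of the Kubernetes Pod API; the sample manifests and the `audit_pod` helper are constructed for illustration.

```python
import json

# Constructed sample pod manifests (JSON form), not taken from the issue or from Karydia.
DEFAULT_POD = json.loads('{"spec": {"containers": [{"name": "app"}]}}')
HARDENED_POD = json.loads("""{"spec": {
  "automountServiceAccountToken": false,
  "securityContext": {"runAsNonRoot": true, "runAsUser": 10001,
                      "seccompProfile": {"type": "RuntimeDefault"}},
  "containers": [{"name": "app"}]}}""")
# Pod-level settings are hardened, but one container overrides them.
OVERRIDE_POD = json.loads("""{"spec": {
  "automountServiceAccountToken": false,
  "securityContext": {"runAsNonRoot": true, "runAsUser": 10001,
                      "seccompProfile": {"type": "RuntimeDefault"}},
  "containers": [
    {"name": "app"},
    {"name": "sidecar", "securityContext": {
       "runAsUser": 0, "seccompProfile": {"type": "Unconfined"}}}]}}""")


def audit_pod(pod):
    """Return findings for the three defaults named in the issue."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    # The token is mounted unless the field is explicitly false. The
    # ServiceAccount object can also disable it; that is not visible here.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append("pod: spec does not disable service account token mount")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        # Container-level settings take precedence over pod-level ones.
        profile = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if profile.get("type") in (None, "Unconfined"):
            findings.append(f"{c['name']}: no seccomp profile set in spec")
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        # With no UID set, only runAsNonRoot=true stops an image whose
        # default user is root from starting.
        if uid == 0 or (uid is None and non_root is not True):
            findings.append(f"{c['name']}: may run as root")
    return findings


if __name__ == "__main__":
    for label, pod in [("default", DEFAULT_POD), ("hardened", HARDENED_POD),
                       ("override", OVERRIDE_POD)]:
        print(label, audit_pod(pod))
```

The third sample shows why a check has to look at each container: a pod-level `securityContext` can be overridden per container.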