Moving Images From Non-Production to Production
Explore methods to securely promote container images from non-production to production environments in Kubernetes. Understand the role of vulnerability scanning, configuration as code reviews, cryptographic image signing, and enforcement of policies within CI/CD pipelines to ensure only vetted images are deployed in production. Gain insights into building secure workflows to manage images safely in real-world Kubernetes scenarios.
Many organizations have separate environments for development, testing, and production. Usually, development environments have fewer rules and are places where developers can experiment. This can involve non-standard images our developers eventually want to use in production. The following sections outline some measures we can take to ensure that only safe images get approved for production.
Vulnerability scanning
Vulnerability scanning should be at the top of the list for vetting images before allowing them into production. These services scan our images at a binary level and check their contents against databases of known security vulnerabilities (CVEs).
We should integrate vulnerability scanning into our CI/CD pipelines and implement policies that ...
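As an added example (not code from the original lesson), a promotion gate a CI/CD stage could run over a scanner's JSON report: the report layout, registry name and vulnerability IDs are constructed placeholders, and the policy (block CRITICAL and HIGH, with time-boxed reviewed exceptions) is an assumed one.

```python
import json
from datetime import date

# Constructed scan report in the shape a scanner such as Trivy emits
# (assumed layout; the vulnerability IDs are placeholders, not real CVEs).
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example/app:1.4.2",
    "Results": [{
        "Target": "registry.example/app:1.4.2 (debian 12)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "Severity": "CRITICAL", "InstalledVersion": "1.0", "FixedVersion": "1.1"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "Severity": "HIGH", "InstalledVersion": "2.3", "FixedVersion": ""},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "tool",
             "Severity": "MEDIUM", "InstalledVersion": "0.9", "FixedVersion": "1.0"},
        ],
    }],
})

# Promotion policy: severities that block, plus reviewed exceptions that
# expire on a date so accepted risk is revisited instead of forgotten.
POLICY = {
    "block_severities": {"CRITICAL", "HIGH"},
    "exceptions": {"CVE-0000-0002": "2031-12-31"},  # accepted until this date
}

def evaluate_scan(report_json, policy, today):
    """Return (allowed, blocking) where blocking lists findings that stop promotion."""
    today = date.fromisoformat(today)
    blocking = []
    for result in json.loads(report_json).get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:  # key may be null for clean targets
            sev = vuln.get("Severity", "UNKNOWN").upper()
            if sev not in policy["block_severities"]:
                continue
            vid = vuln["VulnerabilityID"]
            expires = policy["exceptions"].get(vid)
            if expires and date.fromisoformat(expires) >= today:
                continue  # reviewed exception still valid
            fix = vuln.get("FixedVersion") or "no fix yet"
            blocking.append(f"{vid} {sev} {vuln['PkgName']} {vuln['InstalledVersion']} ({fix})")
    return (not blocking, blocking)

if __name__ == "__main__":
    allowed, blocking = evaluate_scan(SAMPLE_REPORT, POLICY, date.today().isoformat())
    for line in blocking:
        print("BLOCK", line)
    raise SystemExit(0 if allowed else 1)  # non-zero exit fails the pipeline stage
```

Run as a pipeline step between the scan and the registry push to production; a non-zero exit stops the promotion, and the exception table is the place where accepted findings and their expiry dates are reviewed.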