Kubernetes Vs. Docker (Exam 212-82)
EC-Council
Summary
This document explains Kubernetes and Docker, focusing on containerization. It describes how each is used, their architecture, and their deployment methodology, and it also covers container security challenges. It is part of the Certified Cybersecurity Technician (Exam 212-82) course material.
Certified Cybersecurity Technician
Virtualization and Cloud Computing
Exam 212-82

Kubernetes Vs. Docker

- Docker is open source software that can be installed on any host to build, deploy, and run containerized applications on a single operating system.
- When Docker is installed on multiple hosts with different operating systems, you can use Kubernetes to manage these Docker hosts.
- Kubernetes is a container orchestration platform that automates the process of creating, managing, updating, scaling, and destroying containers.
- Kubernetes can be coupled with any containerization technology such as Docker, Rkt, RunC, and cri-o.
- Both Docker and Kubernetes are based on microservices architecture and are built using the Go programming language to deploy small, lightweight binaries, with YAML files for specifying application configurations and stacks.

Kubernetes Vs. Docker

As discussed above, Docker is open-source software that can be installed on any host to build, deploy, and run containerized applications on a single operating system. Containerization isolates running applications from other services and applications running on the host OS. Kubernetes is a container orchestration platform that automates the process of creating, managing, updating, scaling, and destroying containers. Both Docker and Kubernetes are based on microservices architecture; they are built using the Go programming language to deploy small, lightweight binaries, and they use YAML files for specifying application configurations and stacks. When Kubernetes and Docker are coupled together, they provide efficient deployment and management of containers in a distributed architecture.

When Docker is installed on multiple hosts with different operating systems, you can use Kubernetes to manage these Docker hosts through container provisioning, load balancing, failover and scaling, and security.

Module 10 Page 1269 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Figure 10.13: Kubernetes deployment (Kubernetes and Docker run together to build and run containerized applications)

Container Security Challenges

- Inflow of vulnerable source code
- Noisy neighboring containers
- Large attack surface
- Lack of visibility
- Container breakout to the host
- Compromising secrets
- DevOps speed
- Network-based attacks
- Bypassing isolation
- Ecosystem complexity

Container Security Challenges

While containerization provides fast and continuous delivery of applications to developers and DevOps teams, there are certain security challenges associated with it. The primary security challenges for containers are as follows:

- Inflow of Vulnerable Source Code: Since containers are open source, the images created by developers are frequently updated, stored, and used as needed. This causes an inflow of source code, potentially harboring vulnerabilities and unexpected behaviors, into an organization.
- Large Attack Surface: In the cloud or on-premises, there are many containers that run on multiple machines. This provides a large attack surface and therefore causes challenges in the tracking and detection of anomalies.
- Lack of Visibility: The abstraction layer created by the container engine masks the activity of a particular container.
- DevOps Speed: On average, the lifespan of a container is four times less than that of a virtual machine. Containers can be created instantly, run for a short duration of time, stopped, and removed. Due to this ephemerality, an attacker can execute an attack and disappear quickly.
- Noisy Neighboring Containers: The behavior of one container can potentially cause a DoS for another container. For example, opening sockets frequently can freeze up the host machine.
- Container Breakout to the Host: Containers that run as the root user can break out and access the host's operating system.
- Network-based Attacks: A compromised container is vulnerable to network-based attacks, especially in outbound networks with unrestricted raw sockets.
- Bypassing Isolation/Lack of Isolation: Any inadequacy in the isolation between containers can be a security challenge, since an attacker who compromises one container can then easily access another container on the same host.
- Ecosystem Complexity: The tools utilized to build, deploy, and manage containers are provided by different sources. Therefore, a user should keep the components secure and up-to-date.
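Added example (not EC-Council course material): a small Python audit that checks a Kubernetes Deployment's pod template for the settings behind several of the challenges listed above, namely root or privileged containers that can break out to the host, a retained CAP_NET_RAW that leaves raw sockets unrestricted, missing CPU/memory limits that let a noisy neighbour starve the host, shared host namespaces that bypass isolation, and floating image tags that feed the inflow of unvetted code. It also ties back to the YAML-manifest point in the Kubernetes vs. Docker section: the dicts below are exactly what a manifest file parses to (e.g. via yaml.safe_load), kept inline here so the example runs offline. Both Deployments are constructed samples, and the finding messages are this example's own wording, not a Kubernetes API.

```python
"""Audit a Kubernetes workload manifest for the weaknesses behind the
container security challenges above. Added example; manifests are constructed."""
from typing import Any, Dict, List

# Constructed sample: every default left in place (root, CAP_NET_RAW kept,
# no CPU/memory limits, floating image tag).
WEAK_DEPLOYMENT: Dict[str, Any] = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"replicas": 3, "template": {"spec": {"containers": [
        {"name": "web", "image": "nginx:latest"},
    ]}}},
}

# Constructed sample: the same Deployment with the settings that address
# breakout, raw sockets, noisy neighbours and unpinned images.
HARDENED_DEPLOYMENT: Dict[str, Any] = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"replicas": 3, "template": {"spec": {"containers": [{
        "name": "web",
        "image": "nginx:1.25.3",
        "securityContext": {
            "runAsNonRoot": True,
            "privileged": False,
            "allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"]},
        },
        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
    }]}}},
}


def pod_spec(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Return the PodSpec of a Pod, or of a workload that carries a pod template."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})


def image_is_pinned(image: str) -> bool:
    """True when the image is referenced by digest or by a tag other than latest."""
    if "@sha256:" in image:
        return True
    name = image.rsplit("/", 1)[-1]  # strip registry/namespace (a registry may carry ':port')
    return ":" in name and not name.endswith(":latest")


def audit_container(c: Dict[str, Any], pod_sc: Dict[str, Any]) -> List[str]:
    """Findings for one container; the container securityContext overrides the pod's."""
    findings: List[str] = []
    name = c.get("name", "<unnamed>")
    sc = c.get("securityContext", {})

    # Container breakout to the host: root user, privileged mode, privilege escalation.
    non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
    uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
    if not non_root and uid in (None, 0):
        findings.append(f"{name}: may run as root (set runAsNonRoot or a non-zero runAsUser)")
    if sc.get("privileged"):
        findings.append(f"{name}: privileged container has host device access")
    if sc.get("allowPrivilegeEscalation", True):
        findings.append(f"{name}: allowPrivilegeEscalation is not false")

    # Network-based attacks: raw sockets need CAP_NET_RAW, which is in the default set.
    caps = sc.get("capabilities", {})
    dropped = {x.upper() for x in caps.get("drop", [])}
    added = {x.upper() for x in caps.get("add", [])}
    if "NET_RAW" in added or not ({"ALL", "NET_RAW"} & dropped):
        findings.append(f"{name}: CAP_NET_RAW retained (unrestricted raw sockets)")

    # Noisy neighbouring containers: without limits one container can starve the host.
    limits = c.get("resources", {}).get("limits", {})
    for res in ("cpu", "memory"):
        if res not in limits:
            findings.append(f"{name}: no {res} limit (noisy-neighbour risk)")

    # Inflow of vulnerable source code: a floating tag pulls whatever is current.
    image = c.get("image", "")
    if not image_is_pinned(image):
        findings.append(f"{name}: image '{image}' is not pinned to a version or digest")
    return findings


def audit_manifest(manifest: Dict[str, Any]) -> List[str]:
    """All findings for a Pod or pod-template workload; an empty list means clean."""
    spec = pod_spec(manifest)
    findings: List[str] = []
    # Bypassing isolation: sharing host namespaces removes the boundary between containers.
    for ns in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(ns):
            findings.append(f"pod shares {ns} with the host")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        findings.extend(audit_container(c, spec.get("securityContext", {})))
    return findings


if __name__ == "__main__":
    for label, m in (("weak", WEAK_DEPLOYMENT), ("hardened", HARDENED_DEPLOYMENT)):
        print(f"{label}: {len(audit_manifest(m))} finding(s)")
        for f in audit_manifest(m):
            print("  -", f)
```

Run as a script it reports six findings for the weak Deployment and none for the hardened one. The checks are deliberately narrow: they cover only the conditions named in the challenges list, so a clean result here is a floor, not proof that a workload is safe; a lack-of-visibility or secrets problem, for instance, is not something a manifest audit can see.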