Introduction to the Kubernetes Seccomp Operator (RTFM with Rawkode)

83 min watch

Meet the Cast

David Flanagan HOST

@rawkode

In this episode, joined by Daniel Mangum and Sascha Grunert, we take a look at the Seccomp Operator for Kubernetes, which allows for new security primitives in your Kubernetes environments.

seccomp (short for secure computing mode) is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except those defined through a seccomp profile.

The Seccomp Operator is an out-of-tree Kubernetes enhancement which aims to make managing and applying seccomp profiles in Kubernetes easier and more straightforward.

🕰 Timeline

00:00 - Holding screen
00:30 - Introductions
03:20 - What is seccomp and the seccomp operator
18:00 - Installing the seccomp operator
20:00 - Seccomp profiles
31:00 - Deploying nginx with and without a seccomp profile
57:00 - Switching to Linux because Docker for Mac wasn't working
1:01:00 - Tracing blocked syscalls
1:04:00 - Listing syscalls with strace
1:09:30 - Using podman to generate seccomp profiles

💁🏻‍♂️ Want some help?

💬 Leave a comment
🐦 Ping me on Twitter - https://twitter.com/rawkode
📆 Schedule some time during my office-hours - https://rawko.de/office-hours

🌎 Links

Daniel Mangum - https://twitter.com/hasheddan
Sascha Grunert - https://twitter.com/saschagrunert
Seccomp - https://en.wikipedia.org/wiki/Seccomp
Seccomp Operator - https://github.com/kubernetes-sigs/seccomp-operator
