Rootless containers with Podman
Blemings Labs | Sat 23 Jan 1:30 p.m.–1:50 p.m.
Presented by
Steven Ellis
@StevensHat
http://people.redhat.com/sellis/
Steve is an Open Source Technology Evangelist in the APAC Office of Technology team at Red Hat. Over the last 25+ years he has worked first as a developer and then as an infrastructure and operations architect across a broad range of Unix and Linux technologies. For most of that period he’s used Open Source technologies to solve business problems. His current role means he gets to help customers across APAC understand some of the latest Open Source tools and technologies.
In his spare time he still hacks on the MythTV project and debugs Open Source on random bits of hardware that really should know better.
Abstract
As more services are becoming containerised the security risks continue to increase. By adopting rootless containers we immediately remove a huge attack surface, in addition to providing the capability for any user to run containers on a host system without requiring admin rights.
This talk will outline the core concepts and benefits of rootless containers, and how Podman provides a simple-to-use framework that integrates nicely with Systemd. Along the way we'll also touch on some of the other security and performance management capabilities that SELinux and CGroups bring to containerised deployments.
To outline the benefits, and some of the bumpy bits along the way, Steve will use his initial deployments of Home Assistant and Mosquitto as containerised services for home automation, alongside workloads currently unsuitable for rootless containers.