Comments (3)
Seems like the second point might have more clarity if it directly references the forementioned tools.
[Original]
We’re investigating having a selection of open source CNFs for this initial configuration – which would run in privileged mode – which could then be required by other CNFs needing this functionality
[Update]
We’re investigating using a selection of the above tools for this initial configuration – which would run in privileged mode – which could then be required by other CNFs needing this functionality
from testsuite.
Reference links:
https://kubernetes.io/docs/concepts/workloads/pods/pod/#privileged-mode-for-pod-containers
https://www.cncf.io/blog/2019/04/29/what-kubernetes-does-and-doesnt-do-for-security/
from testsuite.
I'm not sure if having a separate slide discussing "privileged" is a good idea. To some extend this topic is already covered in both the "security" and the "HW and affinity" sections.
Privileged mode is mainly used to utilize specific parts of the host SW (e.g. kernel, network) or hardware (e.g. CPU, memory, PCI), and these resources should be available through CNIs, device plugins etc.
from testsuite.
Related Issues (20)
- [Feature] Separate console output from logs
- [BUG] Registry spec tests not passing due to insecure registry
- [BUG] `service_account_mapping` test does not fail if the CNF includes an auto-mounted service account. HOT 2
- [BUG] Fix issues introduced human readable task_runtime change
- Urgent: Move off CNCF Equinix Resources HOT 15
- [BUG] cni_compatible test failing due to outdated Cilium
- [BUG] Outdated helm repo path in fluentd bitnami install
- [BUG] One of the shared DB spec tests doesn't cleanup pvc
- [BUG] spec test for pod_memory_hog failing HOT 1
- Node drain test not starting due to unable to get chaos resources (ChaosExperiment.litmuschaos.io "node-drain" not found) HOT 4
- [BUG] Fluentd tailing check is incorrect - observability, routed logs
- [TEST] Change 'kind' setup in github actions so the tests run on a cluster with 2 schedulable nodes
- [MAINTENANCE] Remove duplicate test "volume_hostpath_not_found" HOT 2
- [Feature] Add support of excluding containers with the allowlist argument in Kubescape "privileged_containers" test HOT 1
- The single process type check is skipped if the AUT is deployed in a non-default namespace HOT 4
- Executing Cert Essential fails to complete HOT 2
- [Feature] Refactor sample_setup
- Conflicting single_process_type and specialized_init_system checks HOT 1
- [MAINTENANCE] Add helm_install_namespace to all sample cnfs for spec tests HOT 1
- [Feature] Replace sleep <n> commands with proper waiters
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from testsuite.