The KCNA Book

By: Nigel Poulton

Overview of this book

There is a huge benefit in building small, specialized, single-purpose apps that can self-heal, autoscale, and update regularly without downtime. Kubernetes and cloud-native technologies are well suited to building such apps. The knowledge and skills to use Kubernetes open up opportunities for architects who specialize in cloud-native microservices applications. ‘The KCNA Book’ is designed to help those working in technology who are keen to pass the Kubernetes and Cloud-Native Associate exam. You will learn about containerization, microservices, and cloud-native architecture, as well as Kubernetes fundamentals and container orchestration. The book also covers cloud-native application delivery and observability. It focuses on the KCNA exam domains and competencies, which you can apply to the sample test included in the book. Put your knowledge to the test and enhance your skills with the all-encompassing topic coverage. Upon completing this exam-oriented book, you will begin your journey to get the best roles, projects, and organizations.
Table of Contents (12 chapters)
8: Sample test
Appendix B: Sample Test answers

Container security

There are several security risks that are particularly relevant to containers. We’ll cover the following.

  • Shared kernels
  • Root containers
  • Unsecured networks
  • Untrusted code

Containers and shared kernels

Before going any further, note that kernel is a technical term for the core functionality of an operating system. For example, the core of the Windows operating system is the Windows NT kernel, and the core of Linux operating systems is the Linux kernel. We often use the terms operating system and kernel to mean the same thing.

Namespaced containers are the most popular type of container and use a shared kernel model. This means all containers running on the same node share the node’s kernel. As an example, 25 containers running on the same node will all share the node’s kernel. This is a big part of why containers are small and start fast, but it’s a security risk. For example, if the node’s kernel is hacked or compromised,...
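
The shared kernel model described above can be observed directly on a Linux node. The following is an added example, not code from the book: it groups processes by the namespaces they belong to (read from /proc/<pid>/ns) and reports the single kernel release they all run on. The function names and the proc_root parameter are assumptions made for illustration.

```python
import os
from collections import defaultdict

NS_KINDS = ("pid", "mnt", "net")  # namespace types compared per process


def read_namespaces(proc_root, pid):
    """Return {kind: 'pid:[4026531836]'} for one process, or None if unreadable."""
    ns = {}
    for kind in NS_KINDS:
        try:
            ns[kind] = os.readlink(os.path.join(proc_root, pid, "ns", kind))
        except OSError:  # process exited, or we lack privilege to inspect it
            return None
    return ns


def group_by_namespaces(proc_root="/proc"):
    """Group PIDs by their (pid, mnt, net) namespace set.

    Processes with identical namespaces see the same isolated view, so each
    group approximates the host itself or one namespaced container.
    """
    groups = defaultdict(list)
    for entry in os.listdir(proc_root):
        if not entry.isdigit():  # skip /proc/self, /proc/sys, and so on
            continue
        ns = read_namespaces(proc_root, entry)
        if ns is not None:
            groups[tuple(ns[k] for k in NS_KINDS)].append(int(entry))
    return {key: sorted(pids) for key, pids in groups.items()}


def kernel_release(proc_root="/proc"):
    """The one kernel release that every namespace group on this node runs on."""
    with open(os.path.join(proc_root, "sys", "kernel", "osrelease")) as fh:
        return fh.read().strip()


def shared_kernel_report(proc_root="/proc"):
    groups = group_by_namespaces(proc_root)
    return {"kernel": kernel_release(proc_root), "isolated_groups": len(groups), "groups": groups}


if __name__ == "__main__":
    report = shared_kernel_report()
    print(f"kernel {report['kernel']} is shared by {report['isolated_groups']} namespace group(s)")
    for key, pids in report["groups"].items():
        print(f"  {key[0]}: {len(pids)} process(es), first PID {pids[0]}")
```

Run as root on a node to see every container's processes; however many namespace groups appear, the kernel line stays the same, which is why a kernel patch level applies to all workloads on that node at once.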