Chapter 9: Helm Security Considerations
Here are some sample answers to the questions presented in this chapter:
- Data provenance is about determining the origin of data. Data integrity determines whether the data you received is the data that you expected.
- A user needs to download the accompanying `.asc` file, which contains the digital signature.
- The `helm verify` command can be used to verify locally downloaded charts, while the `helm install --verify` command can be used against charts stored in an upstream chart repository.
- You can incorporate regular vulnerability scanning. You can also try to avoid deploying images that need to be run as root or with a subset of root capabilities. Finally, you can reference images using a `sha256` value instead of a tag to ensure that you are always deploying the expected image.
- Resource limits help prevent an application from being able to exhaust the underlying node resources. You can also leverage `LimitRanges` to set the maximum...