KINDa cool: Enabling CB Containers on a KIND cluster in Ubuntu 22
The KIND (Kubernetes In Docker) tool is supported on Windows, macOS, and Linux, and provides a very useful environment for gaining familiarity with Kubernetes (K8) and for development and testing in a local environment. Despite this stated focus of KIND on development and testing, there is a need to ensure the containers running therein are secure, as there is for any environment.
Why secure KIND environments? Firstly, it’s just good practice to ensure that security is “built-in” from the earliest stage and applied throughout the CI/CD lifecycle, which if nothing else means that as you learn and test your K8 skills you’re naturally learning and reinforcing security best practices too. Container images do present some security challenges. Images are usually built by layering other images, which could contain vulnerabilities, and those vulnerabilities can find their way into production systems. Defects and malware can also affect container images and of course we don’t want such risks introduced to the production environment.
Secondly, never assume that a security attack against a development and testing environment won’t occur, nor that it wouldn’t break out from there to production. The graveyard history of security breaches is littered with tombstones labelled with the name of an “Assumption” that died one day under the harsh glare of reality.
VMware Carbon Black Container enables continuous visibility, security, and compliance for the full lifecycle of containers and Kubernetes applications from development to production, including containers running under KIND. Carbon Black Container helps reduce risk by identifying vulnerabilities and misconfigurations, providing the means to harden the workloads you’re developing and testing.
Carbon Black Cloud Container delivers policy-based reporting and enforcement of the security posture across all workloads deployed in the KIND environment, meaning you can detect and fix security risks from the beginning of the development lifecycle.
This video by Josh Knox steps you through the installation of the KIND tool environment on an Ubuntu 22 system, connecting that to (an existing instance of) the Carbon Black Cloud, and illustrates how this helps you ensure that security is maintained without slowing development and operations down.
Some level of familiarity with Linux, the use of CLI commands, and with the Carbon Black Cloud console is assumed.