Introduction to the Kubernetes Seccomp Operator

Explore the Kubernetes Seccomp Operator in this comprehensive video tutorial featuring Daniel Mangum and Sascha Grunert. Learn about seccomp (secure computing mode), a Linux kernel security facility that restricts process system calls through defined profiles. Discover how the Seccomp Operator simplifies seccomp profile management in Kubernetes environments. Follow along as the hosts install the operator, create and apply seccomp profiles, and deploy nginx with and without profiles. Gain insights into tracing blocked syscalls, using strace for syscall listing, and leveraging podman to generate seccomp profiles. Enhance your Kubernetes security knowledge and implement new security primitives in your environments through this informative session.

- Holding screen
- Introductions
- What is seccomp and the seccomp operator
- Installing the seccomp operator
- Seccomp profiles
- Deploying nginx with and without a seccomp profile
- Switching to Linux because Docker for Mac wasn't working
- Tracing blocked syscalls
- Listing syscalls with strace
- Using podman to generate seccomp profiles