YoVDO

Running KubeVirt Workloads with No Additional Privileges

Offered By: Linux Foundation via YouTube

Tags

Conference Talks Courses, Kubernetes Courses, Virtualization Courses, Security Policies Courses, Container Security Courses, Libvirt Courses, KubeVirt Courses

Course Description

Overview

Explore the advancements in running KubeVirt workloads without additional privileges in this informative conference talk by Ľuboslav Pivarč from Red Hat. Dive into the journey of KubeVirt's evolution towards minimizing required capabilities for running virtual machines alongside containers on Kubernetes. Learn about the implementation of rootless user execution, seamless SELinux integration, and the challenges faced in achieving unprivileged networking. Discover the importance of considering security best practices when developing virtualization features, including the use of Linux Security Modules like SELinux and AppArmor. Gain insights into addressing issues related to storage, devices, and file capabilities, and understand the significance of SELinux in this context. Acquire valuable knowledge on enhancing security and efficiency in containerized and virtualized environments.

Syllabus

Introduction
Policy Spectrum
What is restricted
Unprivileged networking
How to address the problem
Running the workloads as normal
Security policies
Storage
Devices
Solution
Problem
File capabilities
File capabilities drawbacks
SELinux
What's left
Outro


Taught by

Linux Foundation

Related Courses

Kubernetes in Kubernetes - Leveraging Hardware Virtualisation on GCP
Cloud Native Skunkworks via YouTube
Kubevirt and the Cost of Containerizing VMs
Linux Foundation via YouTube
No More Turtles: The SecondaryVM Framework - An Alternative to Nested Virtualization
Linux Foundation via YouTube
Slirp is Dead, Long Live Slirp - A New Approach to User-mode Networking
Linux Foundation via YouTube
QEMU and KVM Automated Performance Benchmarking Framework
Linux Foundation via YouTube