Running KubeVirt Workloads with No Additional Privileges
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the advancements in running KubeVirt workloads without additional privileges in this informative conference talk by Ľuboslav Pivarč from Red Hat. Dive into the journey of KubeVirt's evolution towards minimizing required capabilities for running virtual machines alongside containers on Kubernetes. Learn about the implementation of rootless user execution, seamless SELinux integration, and the challenges faced in achieving unprivileged networking. Discover the importance of considering security best practices when developing virtualization features, including the use of Linux Security Modules like SELinux and AppArmor. Gain insights into addressing issues related to storage, devices, and file capabilities, and understand the significance of Cell Linux in this context. Acquire valuable knowledge on enhancing security and efficiency in containerized and virtualized environments.
Syllabus
Introduction
Policy Spectrum
What is restricted
Unprivileged networking
How to address the problem
Running the workloads as normal
Security policies
Storage
Devices
Solution
Problem
File capabilities
File capabilities drawbacks
Cell Linux
Whats left
Outro
Taught by
Linux Foundation
Tags
Related Courses
Kubernetes in Kubernetes - Leveraging Hardware Virtualisation on GCPCloud Native Skunkworks via YouTube Kubevirt and the Cost of Containerizing VMs
Linux Foundation via YouTube No More Turtles: The SecondaryVM Framework - An Alternative to Nested Virtualization
Linux Foundation via YouTube Slirp is Dead, Long Live Slirp - A New Approach to User-mode Networking
Linux Foundation via YouTube QEMU and KVM Automated Performance Benchmarking Framework
Linux Foundation via YouTube