6 guides on making containers secure
2019 is the year when we really started taking advantage of user namespaces and containers. I have been talking about user namespaces for years as a security measure, and with the advent of Podman, we are finally starting to take advantage of them. Running rootless containers and using user namespaces for container separation are two of the biggest security features to come along in some time.
We have seen a huge uptick in Podman use, based on the fact that it doesn't require running a daemon as root. We also see lots of interest in running Buildah inside locked-down containers. All of these features take advantage of user namespaces.
I hope that we get this feature all wired up into Kubernetes in 2020. For now, check out the great work on this topic that we've accomplished this year.