- Products
-
Solutions
-
Partnership
-
White Label Program
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Partners
-
Referral Program
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Review Reward
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Affiliate Program
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Article Bounty
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Infrastructure for Startups
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Bug Bounty Policy
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023
-
-
Company
-
About Gcore
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Compliance
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Press & Media
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Legal Information
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Careers
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Internet Peering Points
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023 -
Events
Latest articles
Here you can find useful tips, features and solutionsAll articlesGPU Acceleration in AI: How Graphics Processing Units Drive Deep Learning
This article discusses how GPUs are shaping a new reality in the hottest subset of AI training: deep learning. We’ll...19 Sep 2023Generative AI: The Future of Creativity, Powered by IPU and GPU
In this article, we explore how Intelligence Processing Units (IPUs) and graphics processing units (GPUs) drive the rapid evolution of...18 Sep 2023
-
AI & Machine Learning
Infrastructure as a Service
Platform as a Service
Virtual & Dedicated Servers
Video Streaming Platform
Security
Cloud for Mobile
Custom Services
By Industry
By Service
Select the Gcore Platform
- Edge Delivery (CDN)
- DNS with failover
- Virtual Machines
- Bare Metal
- Cloud Load Balancers
- Managed Kubernetes
- AI Infrastructure
- Edge Security (DDOS+WAF)
- FaaS
- Streaming
- Object Storage
- ImageStack (Optimize and Resize)
- Edge Compute (Coming soon)
- VPS Hosting
- Dedicated Servers
- SSL Certificates
Share
Trusted Repositories and Container Registries in Kubernetes
In this topic, we will consider some of the key capabilities of trusted repositories and container registries. We will cover secure authentication, scanning and signing of content as necessary practices that ensure a secure Kubernetes environment.
In order to establish a deployment of Kubernetes cluster and application workloads into that cluster, it is important to mention the container repositories and containers that are used as a part of the deployment pipeline. There are actually 3 main steps that would ensure that your cluster is secured:
- Content Signing
- Automate Secure Policy: Tooling must support policies regarding the onboarding of unsigned content and content signing.
This means that when you deploy and it goes to get a container from a registry you have an option to use software that will pull only signed content and there is a security setting in Kuberenetes that will always pull the latest content.
- Keys and Certificates
- Authentication and Authorization: Repositories must support regularly rotated permissions and credentials.
These keys and TLS certificates will be a part of Kubernetes security infrastructure to ensure that malware wouldn’t be implemented through mentioned repositories. And they wouldn’t find a way to Kubernetes environment.
- Scanning
- Hygiene and Vulnerability Scanning: Internal and third party repositories must be scanned on an ongoing basis to remediate and identify vulnerability and malware.
The scanning includes the Kubernetes executables and in case of the YML files, organizations typically have to scan those as well to make sure that hackers are not able to explore configuration files.
Let’s take a closer look at this diagram:
Utilizing repositories for software whether it could be third-party components or source code that make up a framework for the infrastructure or application, you have to look at whether it is a public/signed/public repository or trusted registry? It might be that it is just a repository and not a registry, in that case, they may not contain the full ability to implement a security policy. The reason is that the difference between registry and repositories is whether there is metadata!
The metadata defines the content and allows applications when they pull that content from the repositories to measure against the policy.
- Is it signed by the an authorized vendor?
- Is the image we consider is safe?
- Is this image was scanned?
So, these repositories and registries are used in all stages of the environment provided above. Sometimes repositories, where you are pulling things into a Development, may not be as secure as the downstream Test, Staging and Production level. And so some of the public repositories are wide open, especially with all the open-source that is available via public repositories, for instance, GitHub. But as we move through the process we have to lock things down. Test needs to replicate the environment that is Staged for further (stress/)testing and Production environment. In this case, trusted registries are necessary for implementation if you are going to support a secure Kubernetes infrastructure.
Kubernetes infrastructure is only as secure as the applications running on that infrastructure. So, as you promote things through Development, Test, Staging, and Production the role of trusted registries is extremely important. Remember, Kubernetes security does not start and stop the Kubernetes components themselves, it includes the entire pipeline which includes repositories and software on-boarding process.