CRI

Definition

CRI stands for Container Runtime Interface, a standard API used by Kubernetes to interact with container runtimes. It allows Kubernetes to manage container lifecycle operations such as starting, stopping, and monitoring containers. CRI abstracts the underlying container runtime, enabling Kubernetes to support multiple container runtimes like Docker, containerd, and CRI-O.

Secure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
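spec:
  securityContext:
    # Pod-level setting, inherited by every container in the pod
    runAsNonRoot: true
  containers:
  - name: secure-container
    image: my-secure-image:latest
    securityContext:
      # readOnlyRootFilesystem is a container-level field; it is not part of the pod-level securityContext
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL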

Insecure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  containers:
  - name: insecure-container
    image: my-insecure-image:latest
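    securityContext:
      # privileged mode removes most container isolation and already grants every capability
      privileged: true
      capabilities:
        add:
        # NET_ADMIN allows changes to network interfaces, routes, and firewall rules
        - NET_ADMIN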
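
The following Python check is an added example, not part of the original page: it audits a Pod manifest (already parsed into a dict) for the settings contrasted in the two manifests above. The name `audit_pod` and the sample dicts are constructed for illustration, with `readOnlyRootFilesystem` placed on the container, where the Kubernetes API defines it.

```python
# Added example: flags the settings contrasted in the two manifests above.
# SECURE_POD / INSECURE_POD are constructed dicts mirroring those manifests.
SECURE_POD = {"metadata": {"name": "secure-pod"}, "spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "secure-container", "securityContext": {
        "readOnlyRootFilesystem": True,
        "allowPrivilegeEscalation": False,
        "capabilities": {"drop": ["ALL"]}}}]}}
INSECURE_POD = {"metadata": {"name": "insecure-pod"}, "spec": {
    "containers": [{"name": "insecure-container", "securityContext": {
        "privileged": True,
        "capabilities": {"add": ["NET_ADMIN"]}}}]}}


def audit_pod(pod):
    """Return one finding string per weak setting, per container."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        caps = sc.get("capabilities") or {}
        # runAsNonRoot is inherited from the pod unless the container sets it.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{name}: runAsNonRoot not enforced")
        # readOnlyRootFilesystem is a container-level field only.
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: root filesystem is writable")
        if sc.get("privileged") is True:
            findings.append(f"{name}: privileged")
        # An unset allowPrivilegeEscalation behaves as true.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: privilege escalation allowed")
        if "ALL" not in [d.upper() for d in caps.get("drop") or []]:
            findings.append(f"{name}: does not drop ALL capabilities")
        for cap in caps.get("add") or []:
            findings.append(f"{name}: adds capability {cap}")
    return findings


if __name__ == "__main__":
    for pod in (SECURE_POD, INSECURE_POD):
        issues = audit_pod(pod)
        print(pod["metadata"]["name"], "->", issues or "no findings")
```

The same function works on the output of `kubectl get pod <name> -o json` once it is loaded with `json.load`.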