Vanakkam all
RedHat OpenShift – SCC Vs Kubernetes – AppArmor
In the latest Kubernetes version, there is a security feature named AppArmor. This is similar to RedHat OpenShift SCC, but it is used in different scenarios.
SCC (Security Context Constraints): in OpenShift, this is like the overall security policy for a shopping mall. It sets mall-wide rules to ensure a safe environment for all stores.
AppArmor: acts as a security layer for each individual store. Each store can have its own tailored restrictions, such as only accessing specific items within its boundaries.
SCCs ensure no container in the cluster breaks overarching security policies.
AppArmor fine-tunes the permissions for each container individually.
SCC: use it if your focus is on setting security rules for the entire OpenShift cluster, like restricting which users can run privileged containers or ensuring containers don't access specific storage types.
AppArmor: use it if you're worried about someone hacking into your container and trying to access sensitive system files.
AppArmor profile annotation in a pod:
annotations:
  container.apparmor.security.beta.kubernetes.io/nginx-container: "localhost/apparmor-nginx-profile"
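A manifest check for the annotation above, as an added example that is not part of the original post: it reports which AppArmor profile each container in a Pod manifest is pinned to. It goes beyond the annotation by also reading the `securityContext.appArmorProfile` field that Kubernetes v1.30 and later accept; the `log-shipper` and `metrics` containers and the sample manifest are constructed for illustration.

```python
ANNOTATION_PREFIX = "container.apparmor.security.beta.kubernetes.io/"

def _from_field(sc):
    """Normalise securityContext.appArmorProfile to the annotation value style."""
    prof = (sc or {}).get("appArmorProfile")
    if not prof:
        return None
    if prof.get("type") == "Localhost":
        return "localhost/" + prof.get("localhostProfile", "")
    return {"RuntimeDefault": "runtime/default", "Unconfined": "unconfined"}.get(prof.get("type"))

def apparmor_report(pod):
    """Return {container name: (profile, finding)} for one Pod manifest dict."""
    annotations = pod.get("metadata", {}).get("annotations") or {}
    spec = pod.get("spec", {})
    pod_level = _from_field(spec.get("securityContext"))
    report = {}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        field = _from_field(c.get("securityContext")) or pod_level  # container overrides pod
        legacy = annotations.get(ANNOTATION_PREFIX + c["name"])     # per-container annotation
        profile = field or legacy
        if field and legacy and field != legacy:
            finding = "conflict"      # field and annotation disagree
        elif profile is None:
            finding = "not-set"       # nothing pinned in the manifest
        elif profile == "unconfined":
            finding = "unconfined"    # AppArmor explicitly switched off
        else:
            finding = "ok"
        report[c["name"]] = (profile, finding)
    return report

# Constructed sample manifest (only the keys the check reads).
SAMPLE_POD = {
    "metadata": {"annotations": {
        ANNOTATION_PREFIX + "nginx-container": "localhost/apparmor-nginx-profile"}},
    "spec": {"containers": [
        {"name": "nginx-container"},
        {"name": "log-shipper", "securityContext": {"appArmorProfile": {"type": "Unconfined"}}},
        {"name": "metrics"},
    ]},
}

if __name__ == "__main__":
    for name, (profile, finding) in apparmor_report(SAMPLE_POD).items():
        print(f"{name}: {profile} [{finding}]")
```

A `localhost/...` profile must already be loaded on the node where the pod is scheduled; this check only reads the manifest and does not verify that.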
#redhat #openshift #kubernetes #devops #security CubenSquare