From YouTube: Container Security Technical Walk Through
Description
A walk through of the pages and code that are related to container security and how to test it both locally and in production
A
Going to forget, I was working on this this banner. By the way, it looks very nice, eh.
B
A
B
Yeah, so, as I was talking about, is how to set up a dummy cost and get access to the network policy page. So if you go under the operations menu back there, now it's on the left side.
B
Yeah, and then they change it a bit, I guess, integrate with cluster certificate. I would imagine agent is a new thing.
A
So you've been, you've stopped working on this for two seconds and they've already changed everything.
A
Sorry, that is a bug with this banner. Actually, the, if you click x, it reloads the page.
B
A
Yeah, I don't know how to fix it. Maybe if we have time we'll, I'll ask you for your help. Okay, so, okay, so cluster name, whatever.
B
Yeah, and then API URL, just and http test.com. Certificate can be like any string, like test test, just enough. I think you might not even need a certificate, just leave it blank for now. Actually you need talking, and talking can be anything. Okay, yeah, and then add, keep an eyes question, just green button.
B
I know it is the next thing, so after that go operations, environments, and you need a deployment environment first. So Kubernetes is the platform we are deploying our application. An environment represents a specific deployment of the application. It can be staging, production, on any kind of environment. Review apps go into their own environments, so normally environment is created during deployment by like CI job, for example, but in this case we will create it ourselves. So click new environment.
B
It was a thing, common thing for me, I don't know, it's usually really sluggish for some reason. I.
B
This specific case, because assets have been processed, probably.
A
B
Sometimes there are more problems, so yeah, for environment just again named can be anything and then external URL. Just for every URL. You want to use it's just. It has to be http something, yeah, just press save. So from the github section right now you have applications that was deployed to cluster, so this unbox quite a few pages, for example, metrics page will unblock, but in our case we're interested in security and compliance pay menu and then.
B
So you could see there is a drop down and policy page that allows you to select which environments you want to see, and then you can click new policy and yeah. The banner at the top, environment does not have blah blah blah blah, it's kind of normal, but that's the policy builders that we have. So you can essentially, like the easiest way is to like click neural and fill like under the rose thing.
B
Yeah, so this essentially builders at all you to compose a so-called Kubernetes network policies that allow you to isolate your application traffic and based on the set of roles that you're interested in. The policy itself is represented in a YAML structures that you see on the right side, yeah, and if you want to see a human description, you can click a rule on the policy preview.
B
It will tell you what it exactly will do in the human words, so you can add as many blocks as you want and then, if you press YAML mode under the editor mode, it's a bit higher, yeah. You can essentially drop back, drop into the simple YAML editor and essentially type in the policies that you want. If you wish to do that, yeah, that's that's about it. When you press create policy, it goes into your cluster. In your case, it will fail to deploy, because your cost is not an actual quest.
B
A
Yeah, I see, so if I cancel.
B
B
So those policies that you see, you can click on them, like the dropout bound, it will open and the sidebar this the information, it's a bit different for user created policies, and you can edit policies from there, but the policies you see right now, it's, we call them predefined policies. This policies is just something we ship for users to quickly deploy, yeah. So essentially all the actions will fail right now, because you don't have a question, but.
A
Oh, I see up here, yeah yeah, what, okay, so these are predefined, and these are sort of like you, product is determined. These are things that are commonly used, that somebody would want, okay. So so that's how you're able to test the policies page, because these are predefined, as well as the policy creation deletion without actually having any policies.
B
B
Yeah, you obviously don't have a data, but if you would have a data and you have to like set up parameters and for the application firewall which is going away, so you shouldn't worry about it too much, but for contingency in network policies, you have to set up parameters for stats to work. There is a docs page. I think, if you click on the learn more, it will get you to the docs that has the necessary requirements for the specific stats to work. Yeah. You have what it says.
B
B
Yeah, and then, if you have a Cilium, custom installation of Cilium, which you probably won't have, so don't bother that. But if you have custom stuff, you would need to change config a little bit, but otherwise, yeah, that's about it. What we did on the front and side. Nothing really else comes to mind, this two main pages we work on.
A
What about, so, so you don't have Cilium on your local machine and and you do, but you do have Prometheus, correct?
B
If you really want, the data is either simulated from the oco gtk, but I usually connect to the demo cluster like. If you will go to the github.com, I think, protect and contain security damage or something, there is a whole cost with all the stuff installed on it, and you technically can and has a parameters and everything you need.
B
And yeah, those all projects are independent, but can you select Kubernetes, wait, wait, yeah? Can you select Kubernetes at the left side in the sidebar?
B
Do you have access to it? No, you don't! So if you would have access to that stuff. Actually, are you go back for a moment?
B
Could you please press on them and not just open it, just press on it? Oh.
A
B
Just like that and then go to Kubernetes right now. Yes, so this is the classes that has everything installed, that you might ever need. Click on a demo related group, oops, time to have some rest.
B
So if you click environments, and you could see that it already has all the demo projects running on this cluster, so if you just want to check how everything looks in production, you can check the environment, but you also can connect to this cluster, it. It requires some Kubernetes tinkering, and I probably will not do that in this video. Specifically, I think Samia should be able to.
B
The steps, it's a bit technical, but again it's still probably the easiest way to try things locally is just to connect to this cluster, because you don't have to set up anything afterwards. It will be set up for you already and you can just start using policies. You can start checking stats and stuff like that.
A
B
For network policies, there is network policy demo, you can click, like you see in the project's list. There is network policy, then we click on it and then, if you will go to security and compliance, threat monitoring, it should have. I.
A
B
B
Yeah, do that. I think you need the name at least.
A
B
Yeah, you should be able, like someone mentioned, that it was broken. I haven't, I don't know what the state of it, but previously this is the project like we used during validation in production and stuff like that and testing stuff, yeah. Can you, can you delete? The roadblock, like essentially, the policy is just name should be a valid policy.
B
No, I think there is something wrong with the question right now. Yeah, that's strange.
A
B
Is that usually me, or was that me, so right now? It's probably Sammy is mostly who knows how to think fix those things, so I would ask him to see why why it's not hoarding, because right now it says something is wrong. I guess it can't connect to the cluster right now.
B
A
There's a 500, okay. Is there an equivalent for staging?
B
No, I think we usually use the temporary environments. What I would usually do is create a project, set up everything we need up there, because I know how to do that. It's really fast, but we don't have a persistent environment staging right now. It might be worth setting up, but previously because, like our projects would be, it has a question.
B
B
B
That company has to pay for your environment, so we we tend to not keep long grinding clusters unless it's really necessary. That's why it's mostly temporary environments and staging to just save on cost.
A
B
A
I see, got it, because I mean you can have like this project all set up pointing to GitLab staging, and then you just go on Google Cloud and create GitLab staging and then refresh.
B
B
So, if you use, oh, I click jiggy right now, let's check, if you have an access to just, yeah, it, it will ask you your Google account and it will connect your Google account talking to the github instance. So it could see, scroll, be down, select project and Google Cloud project platform project. Yeah, always select group defend.
B
And then select done, interesting. I think you don't have the full access in this case, but what normally would happen? You select group defense, it's how like Google Cloud group specifically to us, and then you select a zone, usually it's America for you, and then number of nodes.
B
But you need enough access permission to the Google Cloud platform. Usually you go and ask our IT team to set up permissions for you. You need to open a ticket for that. But, alternatively, you can just ask that me to set up staging environment for you.
A
A
A
Well, that's all the questions I can think of at the time this. Oh this, this the code for threat monitoring, that's probably in threat monitoring somewhere.
B
It's the enterprise edition only, so it's under e e e front end. It's probably the, yeah, threat monitoring and everything up there.
B
A
B
And there are two separate apps actually inside here: the one is for the stats and main page, and policy edit is separate view app. That's why they have two entry points up here.
A
B
B
B
B
It's actually hamilton, yeah, or otherwise. This year.
A
A
B
No problem, hopefully nothing will prevent you from being efficient with this card.
B
A
B
Does not really exist, but then, when I need to test, then when it, when I go and create something. Again, be careful with setting up costs, because if you forget to remove it, it will be just leaching money out of the company, roughly at the rate of 20 US dollars per hour per node. So if you have, let's say, by default, it's three nodes cost.