Top Highlights

• configuring the container to run as the root user, giving it more privilege on the host than it really needs.
• virtualization doesn’t count as multitenancy at all: multitenancy is when different groups of people share a single instance of the same software, and in virtualization the users don’t have access to the hypervisor that manages their virtual machines, so they don’t share any software.
• In Kubernetes, you can use namespaces to subdivide a cluster of machines for use by different individuals, teams, or applications.
• Use role-based access control (RBAC) to limit the people and components that can access these different Kubernetes namespaces. The details of how to do this are outside the scope of this book, but I would like to mention that Kubernetes RBAC controls only the actions you can perform through the Kubernetes API. Application containers in Kubernetes p...
• Permissions on files determine which users are allowed to access those files and what actions they can perform on the files. These permissions are sometimes referred to as discretionary access control, or DAC.