I'm working on a project to create a sandbox as a service where users can run their code in isolated environments on demand, with SSH access when necessary. While I'm considering Kubernetes to manage resources across users, my main concern is ensuring the security of both the internal systems and the users' pods. The key challenge is allowing root access within the containers, which I know can introduce security risks. I've explored a few security measures: using `automountServiceAccountToken: false` to limit host access, setting `hostUsers: false` to enable user namespaces and prevent container escape, and blocking pod-to-pod communication in the network. I'm looking for additional best practices or strategies to enhance security further without compromising user flexibility. Any advice would be appreciated!
1 Answer
That's a solid question! The reason you should reconsider root access is that it could allow users to escape the container and compromise the host. If your goal is to provide users with the ability to install packages like `apk`, maybe consider using a predefined set of environments with limited packages instead. You can allow them to choose environments while keeping things secure. A fully controlled development environment can mitigate risks while still providing flexibility.
Thanks for the insight! I really want to strike a balance between security and user freedom. I'll think about limiting the environments to reduce risks!