-
정적 이미지 취약점 분석
- 통상적으로는 이미지 내의 CVE (Common Vulnerabilities Exposure) 탐색
(- 동적 분석은 Sandbox 환경에서 컨테이너 이미지 실행 & indicators of compromise (IOC) 확인)
- 통상적으로는 이미지 내의 CVE (Common Vulnerabilities Exposure) 탐색
-
Clair vs Anchroe vs Trivy
- 큰 틀에서는 모두 같음. CVE 데이터베이스 긁어와서 쌓아놓고 레이어 .tar 까서 파일시스템 비교.
- Ubuntu/Debian/Centos/Alpine 등등에 대한 CVE 검사는 동일
(- Trivy의 경우 npm, pip, maven 패키지에 대한 CVE 검색도 가능)
-
Clair 선택 이유? - Quay, OpenShift에서 씀, 가장 많이 쓰임 (깃헙 스타 가장 많음ㅋㅋ)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
/sbin/modprobe nvidia | |
if [ "$?" -eq 0 ]; then | |
# Count the number of NVIDIA controllers found. | |
NVDEVS=`lspci | grep -i NVIDIA` | |
N3D=`echo "$NVDEVS" | grep "3D controller" | wc -l` | |
NVGA=`echo "$NVDEVS" | grep "VGA compatible controller" | wc -l` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
accelerators:[{ | |
type: "nvidia.com/gpu", | |
devices:[{ | |
name: "nvidia-gpu", | |
pci: "0000:02:00.0", | |
device_file:[ | |
"/dev/nvidia0", | |
"/dev/nvidiactl", | |
"/dev/nvidia-modeset", | |
"/dev/nvidia-uvm", |
https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/
Following document is about installing and setting up a cluster using kubernetes. Basic structure it supports is a cluster with one MASTER and multiple NODES(slave nodes).
- COMMON : You should perform for both MASTER and NODE.
- MASTER : You should perform for MASTER only.
- NODE : You should perform for NODE only.