Is it possible to 'Security Scan' running docker containers that have been deployed to k8s?

10/5/2018

We have Harbor scanning containers before they have been deployed. Once they are scanned, we then deploy them to the platform (k8s).

Is there any way to scan a container, say, a few weeks down the line after it has been deployed? Without disturbing the deployment, of course.

Thanks

-- Calum Price
appharbor
clair
docker
kubernetes

1 Answer

10/5/2018

I think we have to distinguish between a container (the running process) and the image from which a container is created/started.

If this is about finding out which image was used to create a container that is (still) running and to scan that image for (new) vulnerabilities... here is a way to get information about the images of all running containers in a pod:

kubectl get pods <pod-name> -o jsonpath='{.status.containerStatuses[*].image}'
-- apisim
Source: StackOverflow
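
The following is an added example, not part of the original answer. It extends the single-pod query to the output of `kubectl get pods --all-namespaces -o json` and builds a de-duplicated list of image digests that are actually running, so each one can be re-submitted to the image scanner without touching the workloads. It reads the `imageID` field next to `image` in `containerStatuses`; the sample pod list, registry name and digests are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `kubectl get pods --all-namespaces -o json`
# (registry, pod names and digests are made up for illustration).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "web-1"},
     "status": {"containerStatuses": [
         {"name": "web", "image": "harbor.example.com/shop/web:1.4",
          "imageID": "docker-pullable://harbor.example.com/shop/web@sha256:" + "a" * 64,
          "state": {"running": {}}}]}},
    {"metadata": {"namespace": "shop", "name": "web-2"},
     "status": {"containerStatuses": [
         {"name": "web", "image": "harbor.example.com/shop/web:1.4",
          "imageID": "docker-pullable://harbor.example.com/shop/web@sha256:" + "a" * 64,
          "state": {"running": {}}},
         {"name": "proxy", "image": "harbor.example.com/lib/proxy:latest",
          "imageID": "harbor.example.com/lib/proxy@sha256:" + "b" * 64,
          "state": {"running": {}}}]}},
    {"metadata": {"namespace": "jobs", "name": "pending-1"},
     "status": {}},  # not scheduled yet: no containerStatuses
]})


def running_images(pod_list_json):
    """Map each running image digest reference to the containers using it."""
    inventory = defaultdict(list)
    for pod in json.loads(pod_list_json).get("items", []):
        owner = f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}'
        for cs in pod.get("status", {}).get("containerStatuses", []):
            if "running" not in cs.get("state", {}):
                continue  # skip waiting/terminated containers
            # imageID pins the digest that was actually pulled; the tag in
            # `image` may have been re-pushed since the deployment.
            ref = cs.get("imageID", "").split("://", 1)[-1] or cs["image"]
            inventory[ref].append(f'{owner}:{cs["name"]}')
    return dict(inventory)


if __name__ == "__main__":
    for ref, users in sorted(running_images(SAMPLE).items()):
        print(ref, "<-", ", ".join(users))
```

Against a live cluster, pass the text of `kubectl get pods --all-namespaces -o json` to `running_images()` instead of `SAMPLE`; this only reads pod status and does not change any deployment.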