Sail Sharp - Security best practices with .NET Core & Kubernetes

Associated blog posts:

• Sail Sharp, 8 tips to optimize and secure your .NET containers for Kubernetes
• Keyless Google Cloud Authentication to push your containers to Artifact Registry from GitHub Actions

Deploy the pre-built container

Run the pre-built container:

docker run \
    -d \
    -p 8080:8080 \
    --read-only \
    --cap-drop=ALL \
    --user=65532 \
    ghcr.io/mathieu-benoit/my-sample-app:latest

Deploy the pre-built container on Kubernetes:

kubectl apply \
    -f deployment.yaml
kubectl apply \
    -f service.yaml

Deploy the pre-built container with Score/Humanitec:

humctl score deploy \
    --token ${HUMANITEC_TOKEN} \
    --org ${HUMANITEC_ORG} \
    --app ${APP_ID} \
    --env ${ENVIRONMENT_ID} \
    -f score/score.yaml \
    -i ghcr.io/mathieu-benoit/my-sample-app:latest \
    --wait

Build and test the application locally

Build the application:

docker build \
    --tag my-sample-app \
    app/

Run the application:

docker run \
    -d \
    -p 8080:8080 \
    --read-only \
    --cap-drop=ALL \
    --user=65532 \
    my-sample-app

Test the application:

curl localhost:8080