Keeping container updates under control

Hazardous Goods

Complicated but Possible

Containers are more versatile and complex than their conventional predecessors; moreover, an administrator will typically have an orchestrator to back them up. You might find this extra layer annoying, or you might welcome the help the respective components give you as an admin. Either way, good and reliable security updates for containers require careful planning and good preparation. To avoid falling flat on your face in daily production, an administrator must, above all, have their processes under control. Tools such as Clair help enormously but are useless without appropriate preparation.

All told, however, container image security is currently not as deeply anchored in Kubernetes as you might want it to be. OpenShift is the only product that uses Clair as a scanner for potential problems. Vendors need to offer ways and means of automatically inspecting running containers, not only on the basis of image IDs, but on the basis of the containers that actually exist.



The Author

Freelance journalist Martin Gerhard Loschwitz focuses primarily on topics such as OpenStack, Kubernetes, and Ceph.
