Containers without Shell access

Hi,

We’re trying to create images to run on Kubernetes which DON’T have shell access. We want NO person to be able to access these containers. Is there any way to do this? Any way to restrict/block SH access to a container?

This is because we ran a KeyStore (DB) which has public and private keys, and which is queryable through an API. But this DB should ONLY be accessible through the API. Not even us, who create the container, should be able to have SH access.

Thanks a lot to anyone who has any idea on how to accomplish this!

If your application does not need a shell, then just don’t include a shell in the image.

Perhaps the distroless image is something of use here:

but it is fairly limited in applications.

HTH

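One way to check that a built image really ships no shell, as the reply above suggests (an added example, not code from the thread): it scans a root filesystem tar, such as the output of `docker export`, for shell binaries and links to them. The list of shell names, the helper names and the sample entries are constructed assumptions.

```python
import io
import posixpath
import tarfile

# Assumption: names treated as shells; busybox is included because it provides sh.
SHELL_NAMES = {"sh", "bash", "dash", "ash", "zsh", "ksh", "csh", "tcsh", "fish", "busybox"}


def find_shells(rootfs_tar):
    """Return sorted shell paths found in a rootfs tar (file object)."""
    hits = []
    with tarfile.open(fileobj=rootfs_tar, mode="r:*") as tar:
        for member in tar:
            name = posixpath.normpath(member.name).lstrip("/")
            if posixpath.basename(name) not in SHELL_NAMES:
                continue
            if member.issym() or member.islnk():
                # A link named like a shell still gives a working shell entry point.
                hits.append(f"{name} -> {member.linkname}")
            elif member.isfile() and member.mode & 0o111:
                # Only executable regular files count; docs named "sh" do not.
                hits.append(name)
    return sorted(hits)


def build_sample_rootfs(entries):
    """Build a constructed in-memory tar; entries are (path, mode, link_target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, mode, target in entries:
            info = tarfile.TarInfo(path)
            info.mode = mode
            if target is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = target
                tar.addfile(info)
            else:
                data = b"\x7fELF"  # placeholder file body
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


# Constructed sample images: one busybox-based, one with only the application.
WITH_SHELL = [("./bin/busybox", 0o755, None), ("./bin/sh", 0o777, "busybox"),
              ("./app/keystore", 0o755, None)]
NO_SHELL = [("./app/keystore", 0o755, None), ("./usr/share/doc/sh", 0o644, None)]

if __name__ == "__main__":
    print(find_shells(build_sample_rootfs(WITH_SHELL)))
    print(find_shells(build_sample_rootfs(NO_SHELL)))
```

Run against a real image by passing an open file of the exported tar to `find_shells`; an empty list means none of the listed shell names is present as an executable or link.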

Hi, I would like to know if we have a CentOS 7/8 base distroless image for a Golang application.