/var/lib/etcd imageRepository: cof-lee.com:5443/k8s kind: ClusterConfigura�on kubernetesVersion: v1.19.4 networking: dnsDomain: cluster.local serviceSubnet: 10.7.0.0/16 podSubnet: 10.244.0.0/16 scheduler: /var/lib/etcd imageRepository: cof-lee.com:5443/k8s kind: ClusterConfigura�on kubernetesVersion: 1.28.2 networking: dnsDomain: cluster.local serviceSubnet: 10.7.0.0/16 podSubnet: 10.244.0.0/16 scheduler: #修改cri-dockerd服务配置 #修改ExecStart行如下 ExecStart=/usr/bin/cri-dockerd --container-run�me-endpoint fd:// --pod-infra- container-image=cof-lee.com/k8s/pause:3.9 #重启cri-docker # systemctl daemon-reload

Factory using Cloud DevSecOps Services Sidecar Container Security Stack Sidecar Container Security Stack enables: correlated and centralized logs, container security, east/west traffic management, a zero-trust and container policy enforcement.The security stack in the security sidecar container will include: 1. A logging agent to push logs to a platform centralized logging service. 2. Container policy policy enforcement. This includes ensuring container hardening from DCAR containers are preserved and complies with the NIST 800-190 requirements [12]. 3. Runtime Defense, this can perform both signature-based

code (API calls from certain types of test code) 4. Ensure every CI process is in an isolated container 5. Make the version control credentials of the CI system read-only 3. Ch. 23 – Protecting the auditors traditional training of sampling with screenshot evidence doesn’t really work in cloud, container or similar environments with infrastructure-as-code and auto- scaling. Must create alternatives