| CPC G06F 9/45558 (2013.01) [G06F 9/45512 (2013.01); G06F 16/951 (2019.01); G06F 2009/45587 (2013.01)] | 18 Claims |

|
1. A non-transitory computer-readable medium comprising instructions executable by a processor for causing the processor to:
intercept, using a webhook, a container command issued to an application programming interface (API) of a container orchestration platform by a user of the container orchestration platform, wherein the container command is intended to be executed in relation to a target container, and wherein the container command is intercepted before reaching the target container;
in response to intercepting the container command, determine, by an admission controller that is external to the target container, that the container command violates a security policy, wherein the admission controller is executing on the processor; and
in response to determining that the container command violates the security policy, prevent, by the admission controller executing on the processor, the container command from being executed in relation to the target container of the container orchestration platform.
|
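Added example, not part of the patent text: a sketch of the decision step in claim 1, assuming Kubernetes as the container orchestration platform and a validating admission webhook that receives `pods/exec` CONNECT requests as `admission.k8s.io/v1` AdmissionReview objects. The per-namespace allowlist, the function names and the sample request are hypothetical and constructed for illustration.

```python
# Hypothetical policy: per-namespace allowlist of binaries a user may exec.
# Namespaces that are not listed are left unrestricted.
EXEC_ALLOWLIST = {"prod": {"ls", "cat", "ps"}}


def policy_violation(namespace, command):
    """Return a reason string if the exec command violates policy, else None."""
    allowed = EXEC_ALLOWLIST.get(namespace)
    if allowed is None:
        return None
    if not command:
        return "exec request carries no command"  # fail closed
    binary = command[0].rsplit("/", 1)[-1]  # /bin/sh -> sh
    if binary not in allowed:
        return f"'{binary}' is not on the exec allowlist for namespace '{namespace}'"
    return None


def review(body):
    """Build the AdmissionReview response for one intercepted API request."""
    req = body["request"]
    reason = None
    if (req.get("operation") == "CONNECT"
            and req.get("resource", {}).get("resource") == "pods"
            and req.get("subResource") == "exec"):
        opts = req.get("object") or {}  # PodExecOptions
        reason = policy_violation(req.get("namespace", ""), opts.get("command") or [])
    response = {"uid": req["uid"], "allowed": reason is None}
    if reason:
        user = req.get("userInfo", {}).get("username", "unknown")
        response["status"] = {"code": 403, "message": f"{user}: {reason}"}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def sample_request(namespace, command):
    """Constructed AdmissionReview for an exec into a pod (not captured traffic)."""
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "constructed-uid-0001", "operation": "CONNECT",
                        "resource": {"group": "", "version": "v1", "resource": "pods"},
                        "subResource": "exec", "namespace": namespace, "name": "web-0",
                        "userInfo": {"username": "alice@example.com"},
                        "object": {"apiVersion": "v1", "kind": "PodExecOptions",
                                   "container": "app", "command": command}}}


if __name__ == "__main__":
    print(review(sample_request("prod", ["/bin/sh", "-c", "id"]))["response"])
```

For the API server to send these requests, the webhook has to be registered in a `ValidatingWebhookConfiguration` whose rule covers the `CONNECT` operation on `pods/exec`; setting `failurePolicy: Fail` keeps exec blocked when the webhook is unreachable.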