Course overview
About this course
This course emphasizes the skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment and runtime.
After completing this course, you will be able to understand Kubernetes processes without inserting secure systems or gatekeepers that slow the process down, observe rapidly progressing DevOps processes, and pinpoint which container, process, or subsystem causes a security concern.
Essential skills that you will gain include:
- Cluster Setup
- Cluster Hardening
- System Hardening
- Minimizing Microservices Vulnerabilities
Audience profile
This course is ideal for anyone holding a CKA certification and interested in, or responsible for, cloud security.
Course details
1: Cloud Security Primer
- Basic Principles
- Threat Analysis
- Approach
- CIS Benchmarks
- Hands-on Labs
  - CIS Benchmarks
2: Securing your Kubernetes Cluster
- Kubernetes Architecture
- Pods and the Control Plane
- Kubernetes Security Concepts
3: Install Kubernetes using kubeadm
- Configure Network Plugin Requirements
- Kubeadm Basic Cluster
- Join Node to Cluster
- Kubeadm Token
- Kubeadm Cluster Upgrade
- Hands-on Labs
  - Configure Network Plugin Requirements
  - Installing Kubeadm
  - Join Node to Cluster
  - Manage Kubeadm Tokens
  - Kubeadm Cluster Upgrade
4: Securing the kube-apiserver
- Configuring the kube-apiserver
- Falco
- Enable Pod Security Policies
- Encrypt Data at Rest
- Benchmark Cluster with Kube-Bench
- Hands-on Labs
  - Enable Audit Logging
  - Deploy Falco to Monitor System Calls
  - Encryption Configuration
  - Kube-Bench
5: Securing ETCD
- ETCD Isolation
- ETCD Disaster Recovery
- ETCD Snapshot and Restore
- Hands-on Labs
  - ETCD Snapshot and Restore
6: Purge Kubernetes
- Purge Kubeadm
- Hands-on Labs
  - Purge Kubeadm
7: Image Scanning
- Container Essentials
- Secure Containers
- Scanning with Trivy
- Snyk Security
- Hands-on Labs
  - Creating a Docker Image
  - Trivy
8: Manually Installing Kubernetes
- Kubernetes the Alta3 Way
- Lecture: Validate your Kubernetes Installation
- Hands-on Labs
  - Deploy Kubernetes the Alta3 Way
  - Sonobuoy K8s Validation Test
10: Kubectl (Optional)
- Kubectl get and sorting
- Hands-on Labs
  - kubectl get
  - kubectl describe
11: Labels (Optional)
- Labels
- Annotations
- Hands-on Labs
  - Labels and Selectors
  - Insert an Annotation
12: Securing your Application
- Scan a Running Container
- Security Contexts for Pods
- AppArmor Profiles
- Isolate Container Kernels
- Hands-on Labs
  - Tracee
  - Understanding Security Contexts
  - AppArmor
  - gVisor
13: User Administration
- Contexts
- Authentication and Authorization
- Role-Based Access Control
- Service Accounts
- Hands-on Labs
  - Contexts
  - Role-Based Access Control
  - RBAC Distributing Access
  - Limit Pod Service Accounts
14: Implementing Pod Policy
- Admission Controller
- Pod Security Standards
- Open Policy Agent
- Hands-on Labs
  - Create a LimitRange
  - Enable PSS
  - Deploy Gatekeeper
15: Securing Secrets
- Secrets
- HashiCorp Vault
- Hands-on Labs
  - Create and Consume Secrets
16: Securing the Network
- Networking Plugins
- NetworkPolicy
- mTLS
- Hands-on Labs
  - Deploy a NetworkPolicy
  - Namespace Network Policy
  - mTLS with Linkerd
  - Linkerd Dashboard
17: Threat Analysis and Detection
- Active Threat Analysis
- Host Intrusion Detection
- Network Intrusion Detection
- Physical Intrusion Detection
Prerequisites
- Working knowledge of Kubernetes and/or CKA
- Basic Linux skills are helpful
- Familiarity with a text editor like vi, vim, or nano is helpful
Course: Certified Kubernetes Security