Securing Kubernetes (CKS)
Description
Description
Kubernetes is a Cloud Orchestration Platform providing reliability, replication, and stability while maximizing resource utilization for applications and services. Our Securing Kubernetes course emphasizes the skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment and runtime. As a security expert in the DEVOPS world, your role is to observe and track activity. This means you need to understand processes without inserting secure systems or gatekeepers into the process and slowing it down. You must be able to observe rapidly progressing devops processes and pinpoint which container, process, or subsystem causes a security concern.
What will you learn?
-
Cluster Setup
-
Cluster Hardening
-
System Hardening
-
Minimizing Microservices Vulnerabilities
-
Supply Chain Security
-
Monitoring, Logging and Runtime Security
-
AI LLM prompt engineering for generating configuration snippets and solutions
Course Outline:
Lesson 1: Certified Kubernetes Security Specialist
-
💻 Register for Poll
-
💬 Welcome
-
💬 The CKS Exam
-
💻 Kubernetes Proficiency Test
Lesson 2: Learning Your Environment
-
💬 Underlying Infrastructure
-
💻 Using Vim
-
💻 Tmux
Lesson 3: Cloud Security Primer
-
💬 Basic Principles
-
💬 Threat Analysis
-
💬 Approach
-
💻 CIS Benchmarks
Lesson 4: Securing your Kubernetes Cluster
-
💬 Kubernetes Architecture
-
💬 Pods and the Control Plane
-
💬 Kubernetes Security Concepts
Lesson 5: Install Kubernetes using kubeadm
-
💬 Configure Network Plugin Requirements
-
💻 Configure Network Plugin Requirements
-
💬 Kubeadm Basic Cluster
-
💻 Installing Kubeadm
-
💬 Join Node to Cluster
-
💻 Join Node to Cluster
-
💬 Kubeadm Token
-
💻 Manage Kubeadm Tokens
-
💬 Kubeadm Cluster Upgrade
-
💻 Kubeadm Cluster Upgrade
Lesson 6: Securing the kube-apiserver
-
💬 Configuring the kube-apiserver
-
💻 Enable Audit Logging
-
💬 Falco
-
💻 Deploy Falco to Monitor System Calls
-
💬 Encrypt Data at Rest
-
💻 Encryption Configuration
-
💬 Benchmark Cluster with Kube-Bench
-
💻 Kube-Bench
Lesson 7: Securing ETCD
-
💬 ETCD Isolation
-
💬 ETCD Disaster Recovery
-
💬 ETCD Snapshot and Restore
-
💻 ETCD Snapshot and Restore
Lesson 8: Purge Kubernetes
-
💬 Purge Kubeadm
-
💻 Purge Kubeadm
Lesson 9: Image Scanning
-
💬 Container Essentials
-
💬 Secure Containers
-
💻 Creating a Docker Image
-
💬 Scanning with Trivy
-
💻 Trivy
-
💬 Snyk Security
Lesson 10: Manually Installing Kubernetes
-
💬 Kubernetes the Alta3 Way
-
💻 Deploy Kubernetes the Alta3 Way
-
💬 Validate your Kubernetes Installation
-
💻 Sonobuoy K8s Validation Test
Lesson 11: Kubectl (Optional)
-
💬 Kubectl get and sorting
-
💻 kubectl get
-
💻 kubectl describe
Lesson 12: Labels (Optional)
-
💬 Labels
-
💻 Labels and Selectors
-
💬 Annotations
-
💻 Insert an Annotation
Lesson 13: Securing your Application
-
💬 Scan a Running Container
-
💻 Tracee
-
💬 Security Contexts for Pods
-
💻 Understanding Security Contexts
-
💬 AppArmor Profiles
-
💻 AppArmor
-
💬 Isolate Container Kernels
-
💻 gVisor
Lesson 14: User Administration
-
💬 Contexts
-
💻 Contexts
-
💬 Authentication and Authorization
-
💬 Role Based Access Control
-
💻 Role Based Access Control
-
💻 RBAC Distributing Access
-
💬 Service Accounts
-
💻 Limit Pod Service Accounts
Lesson 15: Implementing Pod Policy
-
💬 Admission Controller
-
💻 Create a LimitRange
-
💬 Pod Security Standards
-
💻 Enable PSS
-
💬 Open Policy Agent
-
💻 Deploy Gatekeeper
Lesson 16: Securing Secrets
-
💬 Secrets
-
💻 Create and Consume Secrets
-
💬 Hashicorp Vault
Lesson 17: Securing the Network
-
💬 Networking Plugins
-
💬 NetworkPolicy
-
💻 Deploy a NetworkPolicy
-
💻 Namespace Network Policy
-
💬 mTLS
-
💻 mTLS with Linkerd
-
💻 Linkerd Dashboard
Lesson 18: Threat Analysis and Detection
-
💬 Active Threat Analysis
-
💬 Host Intrusion Detection
-
💬 Network Intrusion Detection
-
💬 Physical Intrusion Detection
Lesson 19: Continuing Education
-
💻 Continuing Education
-
💬 Curriculum Path: ContainerOrchestration