Course Outline
Introduction
Overview of the Kubernetes API and Security Features
- Access to HTTPS endpoints, Kubernetes API, nodes, and containers
- Kubernetes Authentication and Authorization features
How Hackers Attack Your Cluster
- How hackers find your etcd port, Kubernetes API, and other services
- How hackers execute code inside your container
- How hackers escalate their privileges
- Case study: How Tesla exposed its Kubernetes cluster
Setting up Kubernetes
- Choosing a distribution
- Installing Kubernetes
Using Credentials and Secrets
- The credentials life cycle
- Understanding secrets
- Distributing credentials
Controlling Access to the Kubernetes API
- Encrypting API traffic with TLS
- Implementing authentication for API servers
- Implementing authorization for different roles
Controlling User and Workload Capabilities
- Understanding Kubernetes policies
- Limiting resource usage
- Limiting container privileges
- Limiting network access
Controlling access to nodes
- Separating workload access
Protecting Cluster Components
- Restricting access to etcd
- Disabling features
- Changing, removing and revoking credentials and tokens
Securing Container Image
- Managing Docker and Kubernetes images
- Building secure images
Controlling Access to Cloud Resources
- Understanding cloud platform metadata
- Limiting permissions to cloud resources
Evaluating Third Party Integrations
- Minimizing the permissions granted to third party software
- Evaluating components that can create pods
Establishing a Security Policy
- Reviewing the existing security profile
- Creating a security model
- Cloud native security considerations
- Other best practices
Encrypting Inactive Data
- Encrypting backups
- Encrypting the entire disk
- Encrypting secret resources in etcd
Monitoring Activity
- Enabling audit logging
- Auditing and governing the software supply chain
- Subscribing to security alerts and updates
Summary and Conclusion
Requirements
- Previous experience working with Kubernetes
Audience
- DevOps engineers
- Developers
Testimonials (7)
We get to see a little of everything
Luis Manuel Navarro Rangel - Vivelink S.A. de C.V.
Course - Docker and Kubernetes
Machine Translated
Przykłady z rzeczywistych zastosowań
Łukasz - Rossmann SDP Sp. z o.o.
Course - Docker (introducing Kubernetes)
Hands on exercises
Tobias - Elisa Polystar
Course - Docker and Kubernetes: Building and Scaling a Containerized Application
The availability of the virtual desktop as form of sandbox for the participants to tinker with is great!
Benedict - Questronix Corporation
Course - OpenShift 4 for Administrators
The hands-on exercises were extremely important to consolidate learning. The in-depth explanation of how things work under the hood made everything clearer.
Otavio Marchioli dos Santos - ExitLag
Course - Kubernetes from Basic to Advanced
Machine Translated
Concepts learnt and how to set up the k8 clusters
Sekgwa Ramatshosa - Vodacom SA
Course - Kubernetes on AWS
The explanation and background of each concept, to get a better understanding