Courses and certifications Open Source
Kubernetes Security
Price (without VAT)
The "Kubernetes Security" course provides a comprehensive look at securing environments running on the Kubernetes platform. Each section of the course covers key aspects of security, from authentication and authorization to managing and securing sensitive data and monitoring traffic. Through interactive exercises, attendees will have the opportunity to practically apply the knowledge gained, including implementing security measures in real-world Kubernetes environments. In addition, advanced topics such as securing incoming connections or networks will be discussed. The course concludes with a section focused on the proper evaluation of key security practices in a Kubernetes environment. This course is suitable for professionals who are interested in securing and managing Kubernetes environments and want to gain practical skills to address security challenges.
Cílová skupina
- Application developers
- Cloud Platform Engineer
- IT Systems Designers
- Architects
Cíle kurzu
The goal of the course is to provide participants with the comprehensive knowledge and skills needed to secure environments running on the Kubernetes platform. The course focuses on practical implementations of security measures, including authentication, authorization, sensitive data management and monitoring, so that participants are able to effectively address key security challenges in Kubernetes environments. You'll put everything to the test in hands-on exercises during the course.
Osnova
1. Introduction
- A brief overview of Kubernetes
- Why Kubernetes security is critical
- Key security challenges in a Kubernetes environment
2. Authentication and authorization
- Authentication methods in Kubernetes
- Service accounts
- OIDCRole Based Access Control (RBAC)
- Creating and managing roles and role bindings
- Practical exercise: Implementing RBAC for a sample application
3. Security of pods
- Pod Security Contexts
- OIDC / IRSA
- podSecurityContext
- Practical exercise: securing a vulnerable pod using PSP
4. Network policies
- Introduction to Kubernetes networking
- Implementing network policies
- Limiting communication between pods
- Hands-on exercise: implementing a network policy for namespace isolation
5. Secrets Management
- How Kubernetes manages secrets
- Best practices for managing secrets
- Tools: Sealed Secrets, Vault, etc.
- Secure secrets management using Vault
6. Monitoring and logging
- The importance of monitoring in security
- Tools: Prometheus, Grafana, ELK/EFK stack
- Setting up basic monitoring and alerting on suspicious activity
7. Image security
- Docker image vulnerabilities
- Scanning images with tools like Trivy or Clair
- Signing and trusting images with Notary
- Hands-on exercise: scanning and fixing image vulnerabilities
8. Security in CI/CD
- Securing the CI/CD pipeline
- Integrating security controls into the CI/CD process
- Practical exercise: Adding security controls to the CI/CD pipeline
9. Overview of advanced topics
- Admission controllers
- Service mesh security (Istio, Linkerd)
- Threat detection in Kubernetes: Falco
10. Clean-Up & Best Practices Recap
- Clean-up of resources created during the workshop
- Review of key security best practices
- Q&A Session
11. Conclusion and next steps
- Additional educational resources and certifications
- Safety communities you can join
Prerequisites
- Running commands over SSH
- Basic understanding of networking
Technical requirements (BYOD)
- Basic knowledge of how Kubernetes works within the scope of the basic course
- Basic understanding of networking (IP address, DNS record)
- Running command line commands on the participants' machines (kubectl)
- Editing YAML files
- Basic knowledge of how containers work (e.g. Docker)
- Understanding of the limitations of container versus non-container processes