Kubernetes Security

Btech

This course provides knowledge of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime. This course concerns for cloud production environments and covers topics related to the security container supply chain, discussing topics from before a cluster has been configured through deployment, and ongoing, as well as agile use, including where to find ongoing security and vulnerability information. The course includes hands-on labs to build and secure a Kubernetes cluster, as well as monitor and log security events.

Audience
System Administrators, Cloud Administrators, Security Engineer, Developers

Prerequisites
Docker for Development and Operations (DO-OPS) Training, Kubernetes Administration (K9-ADM)

Outline

Course Introduction
Cloud Security Overview
Container Runtime Overview
Mitigating Kernel Vulnerabilities
Deploy Secure Kubernetes Cluster
Securing Kube API Server
Image Security Analysis
Container Security Analysis
Kubernetes Audit
Kubernetes Network Policy
Kubernetes Workload Considerations
Pod Security Policy
Certified Kubernetes Security Exam Preparation

Daftar pratayang modul materi Kubernetes Security

Berikut ini adalah daftar judul modul dan bab dari Kubernetes Security, untuk memiliki akses materi secara penuh, silahkan ikuti kelas ini.

Modul Cloud Security Overview

1. What is Security?
2. Basic Principles
3. Attack Sources
4. Types of Attacks
5. The 4Cs of Security
6. NIST Cybersecurity Framework
7. CIS Benchmarks
8. kube-bench
9. High Value Asset Protection
10. Improve Security Team Culture
11. Limit Access
12. Lab 1.1 Lab Preparation

Modul Deploy Secure Kubernetes Cluster

1. Where Do Your Images Come From
2. Container Runtime
3. RuntimeClass
4. gVisor
5. Kata
6. Trusted Packages
7. Gatekeeper
8. Protect the Kernel
9. Finding Kernel Vulnerabilities
10. Lab 2.1 Deploy Multi Master Multi Worker Kubernetes Cluster
11. Lab 2.2 Implement Container Runtime Sandbox gVisor
12. Lab 2.3 kube-bench
13. Quis

Modul Secure the kube-apiserver

1. Enable Audit Log
2. Configure API Auditing
3. Audit Policy
4. Role Based Access Control
5. RBAC Role and ClusterRole
6. RBAC RoleBinding
7. Pod Security Policies (PSP)
8. Identity and Access Management
9. Persistent State from etcd
10. Start Using Service Accounts
11. Create a Role
12. Bind the Role
13. Lab 3.1 Enabling API Server Auditing
14. Lab 3.2 Limiting Access Control with RBAC
15. Lab 3.3 Security Context
16. Lab 3.4 Pod Security Policies
17. Lab 3.5 OPA Gatekeeper
18. Quis

Modul Networking

1. Kubernetes Network
2. Services and Firewalls
3. Terms and Expressions
4. Stateful vs Stateless
5. Several Network Plugins
6. Chains (of Rules) & Tables (of Chains)
7. Netfilter
8. Netflier (.cont)
9. Firewalld
10. Ingress Controller
11. Service Mesh
12. mTLS
13. Network Policies
14. Lab 4.1 Implement Network Security Policy
15. Lab 4.2 Configure an Ingress Controller
16. Lab 4.3 Configure mTLS (Linkerd)
17. Quis

Modul Workload Consideration

1. Trivy
2. Falco
3. SELinux Overview & Enforcement Modes
4. Seccomp & Apparmor
5. Lab 5.1 Check Image Vulnerablility using Tryvy
6. Lab 5.2 Check Image Vulnerablility using Docker Scan
7. Lab 5.3 Using Falco to Monitor Audit Events
8. Quis

Modul Comprehensive Review

1. Lab Comprehensive Review
2. Preparing for the Exam
3. Finding Exam Information