3 arrows

Save as much as $500

closeClose

Securing Kubernetes

This intensive two-day hands-on course is designed to provide working platform operators and other technology professionals with a comprehensive introduction to the processes and practices around...

Read More
Course Code RX-M-SecKub
Duration 2 days
Available Formats Classroom
5946 Reviews star_rate star_rate star_rate star_rate star_half
Course Image

This intensive two-day hands-on course is designed to provide working platform operators and other technology professionals with a comprehensive introduction to the processes and practices around securing Kubernetes. Attendees will leave with a clear understanding of Kubernetes and container-based security concerns. Day one focuses on foundational security concerns including securing cloud native applications, container isolation, image security, and network policy/segmentation. On day two students will gain hands-on experience with Kubernetes authentication, control plane security, etcd security as well as RBAC configuration and management. The class concludes with a look at key logging and metrics monitoring as well as Kubernetes security auditing features. Upon completion of the course, attendees will have the skills and information necessary to effectively secure a production-grade Kubernetes cluster.

Skills Gained

This course is designed to provide operators with a comprehensive overview of Kubernetes security.

Prerequisites

Students should have taken the RX-M “Kubernetes Foundation” course or have equivalent knowledge. Each attendee must provide their own laptop with the ability to run a 64 bit virtual machine. Unconstrained internet access is also required to complete the labs.

Course Details

Day 1 - Security in a Containerized World

Cloud native application security

  • New attack vectors in cloud native systems
  • Perimeterless thinking
  • Defense in depth
  • Key security concerns for microservices
  • Best security practices for microservices

Container runtime security

  • CGroups and Namespaces
  • Capabilities
  • Devices
  • Page 2/2 © Copyright Wednesday, Aug 25, 2021, 5:15 PM RX-M LLC
  • SecComp, SELinux and AppArmour
  • CIS Security Benchmark

Container image security

  • Securing registry clients and servers
  • Content Trust
  • Image Signing
  • Image Scanning
  • Restricting image access

Network Security

  • SDN overview
  • Traffic segmentation
  • Network policy
  • Traffic encryption
  • Service mesh solutions

Day 2 - Kubernetes Security

Securing the Control Plane

  • Configuring the API Server for TLS and mutual auth
  • Configuring kubelet and kube-proxy for TLS
  • Configuring scheduler and CM for TLS
  • Configuring etcd for TLS and Auth
  • Configuring other services for TLS (kubectl, CoreDNS, etc.)

RBAC

  • K8s security, authentication and authorization concepts
  • Working with users, service accounts and namespaces
  • Configuring RBAC and defining roles
  • Integrating 3rd party auth (openid connect, LDAP, active directory, etc.)
  • Resource permissioning walk throughs

K8s attack vectors

  • Node security
  • Cluster state security (etcd)
  • Pod security
  • Control plane security
  • Admission control

Logging and Auditing

  • Kubernetes logging mechanisms
  • Identifying important logging alerts
  • Kubernetes metrics
  • Identifying key metric alerts
  • Kubernetes auditing and audit policy
Contact Us 1-800-803-3948
Contact Us
FAQ Get immediate answers to our most frequently asked qestions. View FAQs arrow_forward