Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Introduction
Overview of the Kubernetes API and Security Features
- Access to HTTPS endpoints, Kubernetes API, nodes, and containers
- Kubernetes Authentication and Authorization features
How Hackers Attack Your Cluster
- How hackers find your etcd port, Kubernetes API, and other services
- How hackers execute code inside your container
- How hackers escalate their privileges
- Case study: How Tesla exposed its Kubernetes cluster
Setting up Kubernetes
- Choosing a distribution
- Installing Kubernetes
Using Credentials and Secrets
- The credentials life cycle
- Understanding secrets
- Distributing credentials
Controlling Access to the Kubernetes API
- Encrypting API traffic with TLS
- Implementing authentication for API servers
- Implementing authorization for different roles
Controlling User and Workload Capabilities
- Understanding Kubernetes policies
- Limiting resource usage
- Limiting container privileges
- Limiting network access
Controlling access to nodes
- Separating workload access
Protecting Cluster Components
- Restricting access to etcd
- Disabling features
- Changing, removing and revoking credentials and tokens
Securing Container Image
- Managing Docker and Kubernetes images
- Building secure images
Controlling Access to Cloud Resources
- Understanding cloud platform metadata
- Limiting permissions to cloud resources
Evaluating Third Party Integrations
- Minimizing the permissions granted to third party software
- Evaluating components that can create pods
Establishing a Security Policy
- Reviewing the existing security profile
- Creating a security model
- Cloud native security considerations
- Other best practices
Encrypting Inactive Data
- Encrypting backups
- Encrypting the entire disk
- Encrypting secret resources in etcd
Monitoring Activity
- Enabling audit logging
- Auditing and governing the software supply chain
- Subscribing to security alerts and updates
Summary and Conclusion
Requirements
- Previous experience working with Kubernetes
Audience
- DevOps engineers
- Developers
14 Hours
Delivery Options
Private Group Training
Our identity is rooted in delivering exactly what our clients need.
- Pre-course call with your trainer
- Customisation of the learning experience to achieve your goals -
- Bespoke outlines
- Practical hands-on exercises containing data / scenarios recognisable to the learners
- Training scheduled on a date of your choice
- Delivered online, onsite/classroom or hybrid by experts sharing real world experience
Private Group Prices RRP from €4560 online delivery, based on a group of 2 delegates, €1440 per additional delegate (excludes any certification / exam costs). We recommend a maximum group size of 12 for most learning events.
Contact us for an exact quote and to hear our latest promotions
Public Training
Please see our public courses
