Course Outline
Introduction
Overview of the Kubernetes API and Security Features
- Access to HTTPS endpoints, Kubernetes API, nodes, and containers
- Kubernetes Authentication and Authorization features
How Hackers Attack Your Cluster
- How hackers find your etcd port, Kubernetes API, and other services
- How hackers execute code inside your container
- How hackers escalate their privileges
- Case study: How Tesla exposed its Kubernetes cluster
Setting up Kubernetes
- Choosing a distribution
- Installing Kubernetes
Using Credentials and Secrets
- The credentials life cycle
- Understanding secrets
- Distributing credentials
Controlling Access to the Kubernetes API
- Encrypting API traffic with TLS
- Implementing authentication for API servers
- Implementing authorization for different roles
Controlling User and Workload Capabilities
- Understanding Kubernetes policies
- Limiting resource usage
- Limiting container privileges
- Limiting network access
Controlling Access to Nodes
- Separating workload access
Protecting Cluster Components
- Restricting access to etcd
- Disabling features
- Changing, removing and revoking credentials and tokens
Securing Container Images
- Managing Docker and Kubernetes images
- Building secure images
Controlling Access to Cloud Resources
- Understanding cloud platform metadata
- Limiting permissions to cloud resources
Evaluating Third Party Integrations
- Minimizing the permissions granted to third party software
- Evaluating components that can create pods
Establishing a Security Policy
- Reviewing the existing security profile
- Creating a security model
- Cloud native security considerations
- Other best practices
Encrypting Inactive Data
- Encrypting backups
- Encrypting the entire disk
- Encrypting secret resources in etcd
Monitoring Activity
- Enabling audit logging
- Auditing and governing the software supply chain
- Subscribing to security alerts and updates
Summary and Conclusion
Requirements
- Previous experience working with Kubernetes
Audience
- DevOps engineers
- Developers
Delivery Options
Private Group Training
Our identity is rooted in delivering exactly what our clients need.
- Pre-course call with your trainer
- Customisation of the learning experience to achieve your goals
- Bespoke outlines
- Practical hands-on exercises containing data / scenarios recognisable to the learners
- Training scheduled on a date of your choice
- Delivered online, onsite/classroom or hybrid by experts sharing real world experience
Private Group Prices RRP from €4560 online delivery, based on a group of 2 delegates, €1440 per additional delegate (excludes any certification / exam costs). We recommend a maximum group size of 12 for most learning events.
Contact us for an exact quote and to hear our latest promotions
Public Training
Please see our public courses