Kubernetes Security (en)
This course covers a wide range of topics essential to ensuring security and compliance in a Kubernetes environment. Students will learn how to configure auditing, manage authentication and authorization, use OPA to define custom security policies, implement security restrictions, and enable encryption. Several tools such as Kube-Bench, Notary and Falco will also be explored to improve cluster security. The course provides a solid foundation for protecting and maintaining compliance of your Kubernetes environment.Â
CODÂ : DSK303
Category : Kubernetes
Teaching methodology
The course includes educational laboratories in which each student will be able to work in order to complete training exercises that will provide practical experience in using the instrument, for each of the topics covered during the course.
Prerequisites
- It is strongly recommended to have completed the DSK101, DSK102, DSK200 and DSK201 courses.
- Fair knowledge of Kubernetes: it is critical to have a good understanding of the fundamental concepts of Kubernetes, such as creating and managing pods, services, and network resources.
- Familiarity with cybersecurity: it is advisable to have a basic understanding of cybersecurity principles, such as authentication, authorization, encryption.
- Experience with systems and network administration: it is helpful to have basic skills in systems administration, including concepts such as file systems, access permissions, process management, and network configuration.
- Good knowledge of containers: it is critical to be familiar with basic container concepts, such as creating and running containers, image management, and configuring container networks.
- Familiarity with Kubernetes security best practices: it is helpful to have knowledge of Kubernetes-specific security best practices, such as configuring roles and permissions, container image management, and network policies.
At the end of the course the participants will be able to:
- Understand the main concepts of security and compliance in a Kubernetes environment.
- Configure auditing in the Kubernetes cluster to monitor security activities and events.
- Manage authentication and authorization in the cluster using different strategies and technologies.
- Use Open Policy Agent (OPA) to define and enforce custom security policies in the cluster.
- Apply Kubernetes Security Contexts to define security restrictions on pods and containers.
- Enable encryption at rest on the Kubernetes cluster.
- Implement system hardening techniques using tools such as AppArmor to reduce attack surfaces.
- Use RuntimeClass with gVisor to provide advanced container runtime isolation.
- Use Kube Bench to assess cluster security against Center for Internet Security (CIS) guidelines.
- Assess cluster compliance against CIS guidelines using the CIS Assessment Tool.
- Analyze container images to identify and mitigate security vulnerabilities.
- Digitally sign container images using Notary to ensure their authenticity and integrity.
- Monitor suspicious activity in the cluster using Falco, a rule-based threat detection tool.
Educational program
- AuditingÂ
- AuthenticationÂ
- OIDC Authentication with LDAPÂ
- OPA – Part 1Â
- OPA – Part 2Â
- Pod Service AccountÂ
- Security ContextÂ
- Encryption at RestÂ
- System Hardening with AppArmorÂ
- Kube BenchÂ
- Image AnalysisÂ
- Sign image with NotaryÂ
- CIS Assesment ToolÂ
- RuntimeClass with gVisorÂ
- FalcoÂ
Duration – 1 day
Delivery – in Classroom, On Site, Remote
PC and SW requirements:
- Internet connection
- Web browser, Google Chrome
- Zoom
Language
- Instructor: English
- Workshops: English
- Slides: English
The price of this two-day course is € 1100 + VAT.
