Certified Kubernetes Security Specialist (CKS) Course

Description

This Kubernetes Security Specialist course provides foundational knowledge using concepts and hands-on demonstrations of the Kubernetes Cluster. In this course, we will be focusing more on the practical side, so make sure you have a running Kubernetes cluster. This course is focused on security. It deals with all aspects of security within the context of a Kubernetes environment. That means securing not only the Kubernetes cluster itself but also the applications running within the cluster. You will learn how to secure many different components of Kubernetes applications and environments. We are going to cover every topic such as cluster setup, creating an ingress, and securing an ingress. You will also learn cluster hardening, which includes RBAC, role, and role binding for a user. Further, you will learn system hardening, kernel hardening, minimizing microservice vulnerabilities, supply chain security, monitoring, logging, and runtime security. By the end of this Kubernetes course, you will gain in-depth knowledge about Kubernetes and be a Kubernetes security specialist. All resources and code files are placed here: https://github.com/PacktPublishing/A-Certified-Kubernetes-Security-Specialist-CKS-Course

What You Will Learn

Learn how to create a Kubernetes Cluster
Learn how to create default deny NetworkPolicy
Learn how to install Kubernetes Dashboard
Learn how to download and verify Kubernetes release
Explore role and role binding for a user
Learn how to create a Kubernetes cluster with the outdated version

Audience

This Docker course is designed for Kubernetes administrators, security specialists, and for those who want to master Certified Kubernetes Security Specialist.

You should already have some Kubernetes Administrator knowledge before attending this course.

Approach

This Docker course is very hands-on; it provides you with not only the theory but also real-life examples of developing Docker applications that you can try out on your own laptop.

Key Features

Deep technical insight into Kubernetes * Learn to use kubesec to perform static analysis using Docker image * Learn how to use Falco to find malicious processes

Github Repo

https://github.com/PacktPublishing/A-Certified-Kubernetes-Security-Specialist-CKS-Course

About the Author

Himanshu Sharma

Himanshu Sharma is an expert in Kubernetes, containers, and cloud-native infrastructure. He has more than 12 years of IT experience in a variety of industries, including medical devices, entertainment, enterprise software, and cloud computing. He is passionate about learning new technologies and believes the best way to learn is by doing it practically.

Course Outline

1. You Can Become a Certified Kubernetes Security Specialist (CKS)

2. Create Kubernetes Cluster

3. Cluster Setup - Use Network security policies to restrict cluster level access

4. Cluster Setup - Minimize use of, and access to, GUI elements

5. Cluster Setup - Properly set up Ingress objects with security control

6. Protect node metadata and endpoints

7. Use CIS benchmark to review the security configuration of Kubernetes components

8. Verify platform binaries before deploying

9. Cluster Hardening - RBAC (Role Based Access Control)

10. Exercise caution in using service accounts

11. Cluster Hardening - Restrict API Access

12. Cluster Hardening - Upgrade Kubernetes

13. Microservice Vulnerabilities - Manage Kubernetes Secrets

14. Use container runtime sandboxes in multi-tenant env (e.g. gvisor,kata container)

15. Microservice Vulnerabilities - OS Level Security Domains

16. Microservice Vulnerabilities - mTLS

17. Open Policy Agent (OPA)

18. Supply Chain Security - Image Footprint

19. Supply Chain Security - Static Analysis

20. Supply Chain Security - Image Vulnerability Scanning

21. Supply Chain Security - Secure Supply chain

22. Behavioral Analytics at host and container level

23. Runtime Security - Immutability of containers at runtime

24. Runtime Security - Auditing

25. System Hardening - Kernel Hardening