Kubernetes Security Training
0 of 124 lessons complete (0%)
Exit Course
Introduction
Course Introduction
Setup Introduction
2 lessons
Overview of Docker and Kubernetes Commands
Useful Docker Commands
Useful Kubernetes Commands
Kubernetes Krew Plugins
3 lessons
Kubernetes Attack surfaces
4C's of Cloud-Native Security
Kubernetes Threat Matrix
Different Attacking Scenarios
The Hack
Shell on All Nodes
Private Registry without Security
Checking out Environment Variables
DoS for Memory/CPU reosurces
Mis-configured RBAC Policies
Attacking Web App with SQL Injection
Getting Access to Nodes
Attacking Insecure Ports on the Cluster
12 lessons
Building Secure Cluster
Security Benchmark and CIS
CIS Tool in Linux
Kube-Bench: CIS Benhmark
Different Kubernetes Components
APIServer Configuration File
Kubelet Security
Verify Platform Binaries
Public Key Infrastructure (PKI) and Kubernetes Setup
Public Key Infrastructure and Let's Encrypt
PKI in Kubernetes
Exploring Network Ports used by different Cluster components
Exploring ETCD and enabling Encryption
Exploring ETCD
ETCD in Kubernetes
Encrypting Secrets Data at Rest
Ingress Controller and Ingress
Configuring Network Policy
Ingress Network Policy
Egress Network Policy
Node Metadata Protection
Cluster Upgrades
21 lessons
Accessing the Cluster Securely
Authentication
Normal Users
Service Accounts
Configuring Authorization using RBAC
Role and Bindings
Exploring RBAC Krew Plugins
Accessing Cluster
Accessing Cluster via kubectl
Accessing Cluster via REST API
Accessing Cluster with Programmatic access to the API
Accessing the API from a Pod
Configuring Service Accounts
Add ImagePullSecrets to a Service Account
Configuring Secure Access to the Dashboard
14 lessons
General OS Security
Least Privilege Principle
Understanding Userspace/Kernel Space
Minimize Host OS footprint
Overview of Systemcalls
Strace Tool
Aquasec Tracee
Minimize IAM Roles
Understanding Resource Isolation and Limiting
Understanding Linux Capabilities
AppArmor
AppArmor Commands
AppArmor in Kubernetes
Seccomp
Seccomp in Kubernetes
Limiting Network Access
Configuring Linux Firewall
CIS Benchmark of OS
17 lessons
Deploying the applications Securely
Container Runtime Sandoxes like Kata containers, gVisor
Configuring SecurityContext
Linux Capabilities
Allow Privilege Escalation
Enabling Read-Only FS
Enforcing Resource Limiting
Requests and Limits
Setting up defaults using LimitRange
Setting up ResourceQuota for a Namespace
Managing Secrets
Secrets as Environment Variables
Secrets as Volumes
Encrypting Secrets at ETCD
Policy Enforcement using OPA and Kyverno
Kubernetes Admission Controllers
Kyverno
Open Policy Agent (OPA)
What is mTLS?
Configuring mTLS
19 lessons
Images and Container Security
Understanding Container Runtimes
Containerd and ctr
Kubernetes and Container Runtimes
Container Images
UnionFS
Storage Drivers for Containers
Docker Images
Dockerfiles
Dockerfile from Image (dfimage)
Exploring Images with dive
Minimizing Image Footprint and Secure Images
Combine Multiple RUN Instructions
Multistage Dockerfiles
Run Applications as non-root user
Remove Shell Access
Make the root filesystem as read-only
Image Registries
Image Signing
Image Signing with Kyverno and Cosign
Container Privileged Mode
Sharing Namespaces between the host and container
CIS Benchmark for Docker
22 lessons
Secure CI/CD Practices
Static Analysis
KubeSec
OPA Conftest
Exploring Image Scanning Tools
Trivy
Clair
ImagePolicyWebhook
Configuring Whitelist Registries
Overview of GitOps
9 lessons
Runtime Security and Auditing
Kubernetes Auditing
What is Runtime Security?
Runtime Security using Falco
Falco on Linux
Falco on Kubernetes
5 lessons
Images and Container Security
Container Images
You don’t have access to this lesson
Please register or sign in to access the course content.
Take course
Sign in
Previous
Next