Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
Securing Kubernetes (CKS)
Description
Securing Kubernetes (CKS) Course Introduction
Welcome to the Securing Kubernetes (CKS) course, crafted to empower you with essential knowledge and skills for securing Kubernetes clusters. Designed for IT professionals aiming to enhance their expertise in Kubernetes environments, this course provides a deep dive into the critical security mechanisms and best practices necessary for protecting Kubernetes clusters. You’ll explore the fundamental aspects of Kubernetes security architecture, learn to implement stringent network policies, and master the art of securing containerized applications.
As the demand for secure cloud solutions escalates, Kubernetes remains at the forefront of secure container orchestration. This course will equip you with advanced knowledge on pivotal security features such as Secrets management, Role-Based Access Control (RBAC), and Security Contexts to safeguard your infrastructure. Through a series of practical, hands-on labs, you’ll apply what you’ve learned by securing Kubernetes clusters, configuring effective security protocols, and adhering to industry-standard security practices.
Gain the skills to not only prepare for the CKS exam but to also excel as a Kubernetes Security Specialist in today’s ever-evolving cloud landscape. This course is continually updated to reflect the latest Kubernetes security advancements, ensuring you remain proficient in the most current security tactics.
Securing Kubernetes (CKS) Course Objectives
- Understand and apply Kubernetes security architectures and network policies.
- Master the use of Kubernetes security tools like Secrets, RBAC, and Security Contexts.
- Implement security best practices and protocols to protect Kubernetes clusters.
- Conduct hands-on labs to configure and secure Kubernetes environments effectively.
- Prepare comprehensively for the CKS certification exam with practical knowledge and skills.
Prerequisites
To excel in this Kubernetes security course, students should have the following prerequisites:
- Experience with the core components of Kubernetes
- Suggested completion of the Certified Kubernetes Administrator course (prior experience is considered)
- Strong knowledge of Linux fundamentals
Audience
This Kubernetes security course is ideal for individuals in various roles, including:
- Security Professionals working with Kubernetes Clusters
- Container Orchestration Engineers
- DevOps Professionals
Securing Kubernetes (CKS) Course Objectives
Learning Your Environment
- Lecture: Underlying Infrastructure
- Lab: Using Vim
- Lab: Tmux
Cloud Security Primer
- Lecture: Basic Principles
- Lecture: Threat Analysis
- Lecture: Approach
- Lab: CIS Benchmarks
Securing Kubernetes Cluster
- Lecture: Kubernetes Architecture
- Lecture: Pods and the Control Plane
- Lecture: Kubernetes Security Concepts
- Install Kubernetes using kubeadm
- Lecture: Configure Network Plugin Requirements
- Lab: Configure Network Plugin Requirements
- Lecture: Kubeadm Basic Cluster
- Lab: Installing Kubeadm
- Lecture: Join Node to Cluster
- Lab: Join Node to Cluster
- Lecture: Kubeadm Token
- Lab: Manage Kubeadm Tokens
- Lecture: Kubeadm Cluster Upgrade
- Lab: Kubeadm Cluster Upgrade
Securing the kube-apiserver
- Lecture: Configuring the kube-apiserver
- Lab: Enable Audit Logging
- Lecture: Falco
- Lab: Deploy Falco to Monitor System Calls
- Lecture: Enable Pod Security Policies
- Lecture: Encrypt Data at Rest
- Lab: Encryption Configuration
- Lecture: Benchmark Cluster with Kube-Bench
- Lab: Kube-Bench
Securing ETCD
- Lecture: ETCD Isolation
- Lecture: ETCD Disaster Recovery
- Lecture: ETCD Snapshot and Restore
- Lab: ETCD Snapshot and Restore
Purge Kubernetes
- Lecture: Purge Kubeadm
- Lab: Purge Kubeadm
Image Scanning
- Lecture: Container Essentials
- Lecture: Secure Containers
- Lab: Creating a Docker Image
- Lecture: Scanning with Trivy
- Lab: Trivy
- Lecture: Snyk Security
Manually Installing Kubernetes
- Lecture: Kubernetes the Alta3 Way
- Lab: Deploy Kubernetes the Alta3 Way
- Lecture: Validate your Kubernetes Installation
- Lab: Sonobuoy K8s Validation Test
Kubectl (Optional)
- Lecture: Kubectl get and sorting
- Lab: kubectl get
- Lab: kubectl describe
Labels (Optional)
- Lecture: Labels
- Lab: Labels and Selectors
- Lecture: Annotations
- Lab: Insert an Annotation
Securing your Application
- Lecture: Scan a Running Container
- Lab: Tracee
- Lecture: Security Contexts for Pods
- Lab: Understanding Security Contexts
- Lecture: AppArmor Profiles
- Lab: AppArmor
- Lecture: Isolate Container Kernels
- Lab: gVisor
Pod Security
- Lecture: Pod Security Policies
- Lab: Deploy a PSP
- Lecture: Pod Security Standards
- Lab: Enable PSS
Open Policy Agent (OPA)
- Lecture: Admission Controller
- Lab: Create a LimitRange
- Lecture: Open Policy Agent
- Lecture: Policy as Code
- Lab: Deploy Gatekeeper
User Administration
- Lecture: Contexts
- Lab: Contexts
- Lecture: Authentication and Authorization
- Lecture: Role Based Access Control
- Lab: Role Based Access Control
- Lab: RBAC Distributing Access
- Lecture: Service Accounts
- Lab: Limit Pod Service Accounts
Securing Secrets
- Lecture: Secrets
- Lab: Create and Consume Secrets
- Lecture: Hashicorp Vault
- Lab: Deploy Vault
Securing the Network
- Lecture: Networking Plugins
- Lecture: NetworkPolicy
- Lab: Deploy a NetworkPolicy
- Lecture: mTLS
- Lab: Linkerd
- Lecture: mTLS with istio
- Lab: istio
Threat Detection
- Lecture: Active Threat Analysis
- Lecture: Host Intrusion Detection
- Lab: Deploy OSSEC
- Lecture: Network Intrusion Detection
- Lab: Deploy Suricata
- Lecture: Physical Intrusion Detection
Disaster Recovery
- Harsh Reality of Security
- Lecture: Deploy a Response Plan
- Lecture: Kasten K10 Backups
- Lab: Deploy K10
$2395.00
|
5 Days Course |