Certified Kubernetes Security Specialist (CKS) Course

Video description

This Certified Kubernetes Security Specialist course builds foundational knowledge through concepts and hands-on demonstrations on a running Kubernetes cluster.

In this course, we will be focusing more on the practical side, so make sure you have a running Kubernetes cluster. This course is focused on security. It deals with all aspects of security within the context of a Kubernetes environment. That means securing not only the Kubernetes cluster itself but also the applications running within the cluster.

You will learn how to secure many different components of Kubernetes applications and environments. We cover topics such as cluster setup, creating an Ingress, and securing that Ingress. You will also learn cluster hardening, including RBAC with Roles and RoleBindings for a user.

Further, you will learn system hardening, kernel hardening, minimizing microservice vulnerabilities, supply chain security, monitoring, logging, and runtime security.

By the end of this Kubernetes course, you will gain in-depth knowledge about Kubernetes and be a Kubernetes security specialist.

What You Will Learn

  • Learn how to create a Kubernetes Cluster
  • Learn how to create default deny NetworkPolicy
  • Learn how to install Kubernetes Dashboard
  • Learn how to download and verify Kubernetes release
  • Explore role and role binding for a user
  • Learn how to create a Kubernetes cluster with an older version and then upgrade it
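As an added illustration of the "download and verify Kubernetes release" item above (this is example code written for this page, not material from the course or the Kubernetes project): Kubernetes publishes a SHA512 digest file beside every release binary on dl.k8s.io, and the verification is to recompute the digest locally and compare it with the published one. The release version, file names and the stand-in "binary" below are constructed so that the script runs offline; the real download commands are shown in the comments.

```shell
#!/bin/sh
# Added example (not from the course): verify a downloaded Kubernetes release
# binary against the SHA512 digest file published next to it on dl.k8s.io.
# The real download looks like (version string is an assumption for illustration):
#   curl -LO "https://dl.k8s.io/release/v1.29.0/bin/linux/amd64/kubectl"
#   curl -LO "https://dl.k8s.io/release/v1.29.0/bin/linux/amd64/kubectl.sha512"
# Below, the binary and its checksum file are constructed locally so the
# check can run without network access.

# verify_release_binary BINARY CHECKSUM_FILE
# Returns 0 if BINARY matches the SHA512 digest in CHECKSUM_FILE, 1 otherwise.
# The published .sha512 file contains only the hex digest, so the
# "DIGEST  FILENAME" line that sha512sum --check expects is rebuilt here.
verify_release_binary() {
    binary="$1"
    checksum_file="$2"
    digest="$(tr -d '[:space:]' < "$checksum_file")"
    # Reject anything that is not a 128-character hex string before trusting it.
    case "$digest" in
        *[!0-9a-fA-F]*|"") echo "malformed checksum file: $checksum_file" >&2; return 1 ;;
    esac
    if [ "${#digest}" -ne 128 ]; then
        echo "unexpected digest length in $checksum_file" >&2
        return 1
    fi
    # Run inside the binary's directory so the bare filename in the check line resolves.
    ( cd "$(dirname "$binary")" && \
      echo "$digest  $(basename "$binary")" | sha512sum --check --status )
}

# demo_verification: constructed scenario with a good and a tampered binary.
# Echoes two words: the result for the untouched file, then for the modified file.
demo_verification() {
    tmp="$(mktemp -d)"
    printf 'constructed stand-in for the kubectl binary\n' > "$tmp/kubectl"
    # Stand-in for the published kubectl.sha512 (digest only, as on dl.k8s.io).
    sha512sum "$tmp/kubectl" | cut -d' ' -f1 > "$tmp/kubectl.sha512"

    if verify_release_binary "$tmp/kubectl" "$tmp/kubectl.sha512"; then good=ok; else good=bad; fi

    # Simulate a tampered or corrupted download: a single appended byte.
    printf 'x' >> "$tmp/kubectl"
    if verify_release_binary "$tmp/kubectl" "$tmp/kubectl.sha512"; then tampered=ok; else tampered=bad; fi

    rm -rf "$tmp"
    echo "$good $tampered"
}

demo_verification   # prints: ok bad
```

The digest file only proves the download matches what the release pipeline published; it does not by itself bind that digest to the Kubernetes project, so for a stronger guarantee verify the checksum file over HTTPS from dl.k8s.io and pin the exact release version you intend to deploy rather than resolving "stable" at install time.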

Audience

This Kubernetes course is designed for Kubernetes administrators, security specialists, and anyone preparing for the Certified Kubernetes Security Specialist (CKS) exam.

You should already have some Kubernetes Administrator knowledge before attending this course.

About The Author

Himanshu Sharma: Himanshu Sharma is an expert in Kubernetes, containers, and cloud-native infrastructure. He has more than 12 years of IT experience in a variety of industries, including medical devices, entertainment, enterprise software, and cloud computing. He is passionate about learning new technologies and believes the best way to learn is by doing it practically.

Table of contents

  1. Chapter 1 : Become a Certified Kubernetes Security Specialist (CKS)
    1. Certified Kubernetes Security Specialist (CKS)
  2. Chapter 2 : Create Kubernetes Cluster
    1. Create Kubernetes Cluster and Look at Some Errors
  3. Chapter 3 : Cluster Setup – Use Network Security Policies to Restrict Cluster Level Access
    1. Introduction to NetworkPolicy
    2. Create Default Deny NetworkPolicy
    3. Create Egress and Ingress Rules
    4. Create Another NetworkPolicy for a Different Namespace
  4. Chapter 4 : Cluster Setup – Minimize Use of and Access to GUI Elements
    1. Install Kubernetes Dashboard
    2. Insecure Access from Outside
    3. RBAC for Kubernetes Dashboard
  5. Chapter 5 : Cluster Setup – Properly Set Up Ingress Objects with Security Control
    1. Create an Ingress
    2. Secure an Ingress
  6. Chapter 6 : Protect Node Metadata and Endpoints
    1. Accessing Node Metadata
    2. Protect Node Metadata Through NetworkPolicy
  7. Chapter 7 : Use CIS Benchmark to Review the Security Configuration of Kubernetes Components
    1. kube-bench
  8. Chapter 8 : Verify Platform Binaries before Deploying
    1. How to Delete the Custom Network
    2. Verify apiserver Binary Running in Our Cluster
  9. Chapter 9 : Cluster Hardening - RBAC
    1. RBAC - Role and Rolebinding
    2. Role and Rolebinding for a User
    3. ClusterRole and ClusterRoleBinding
    4. Accounts and Users
    5. CertificateSigningRequests
  10. Chapter 10 : Exercise Caution in Using Service Accounts
    1. Introduction
    2. Pod Uses Custom ServiceAccount
    3. Disable ServiceAccount Mounting
    4. Limit ServiceAccounts Permissions Using RBAC to Edit Resources
  11. Chapter 11 : Cluster Hardening – Restrict API Access
    1. Enable/Disable Anonymous Access
    2. Let's Perform a Manual API Request
    3. External APIserver Access
    4. NodeRestriction AdmissionController
  12. Chapter 12 : Cluster Hardening – Upgrade Kubernetes
    1. Verify NodeRestriction
    2. Introduction
    3. Create a Cluster with the Old Version
    4. Upgrade Master and Worker Node
  13. Chapter 13 : Microservice Vulnerabilities – Manage Kubernetes Secrets
    1. Create Secret
    2. Hack Secrets in Docker
    3. Hack Secrets in ETCD
    4. ETCD Encryption
    5. ETCD Encryption -2
  14. Chapter 14 : Use Container Runtime Sandboxes in a Multi-Tenant Environment
    1. Calling Linux Kernel from Inside a Container
    2. Open Container Initiative (OCI)
    3. crictl
    4. Create and Use RuntimeClasses
  15. Chapter 15 : Microservices Vulnerabilities – OS Level Security Domains
    1. Set Container User and Group (Security Context)
    2. Force Container Non-Root
    3. Privileged Containers
    4. PrivilegeEscalation
    5. Create and Enable PodSecurityPolicy
  16. Chapter 16 : Microservices Vulnerabilities – mTLS
    1. Introduction
    2. Create a Sidecar Proxy
  17. Chapter 17 : Open Policy Agent (OPA)
    1. Introduction OPA
    2. Install OPA Gatekeeper
    3. Deny All Policy
    4. Enforce Namespace Labels
  18. Chapter 18 : Supply Chain Security – Image Footprint
    1. Reduce Image Footprint with Multi-Stage
    2. Secure and Harden Images
  19. Chapter 19 : Supply Chain Security – Static Analysis
    1. Kubesec
    2. Use kubesec to Perform Static Analysis Using Docker Image
    3. OPA Conftest
    4. OPA Conftest for Dockerfile
  20. Chapter 20 : Supply Chain Security – Image Vulnerability Scanning
    1. Use Trivy to Scan Images
  21. Chapter 21 : Supply Chain Security – Secure Supply Chain
    1. Image Digest
    2. Whitelist Registries with OPA
  22. Chapter 22 : Behavioral Analytics at Host and Container Level
    1. Strace
    2. Strace and /proc on ETCD
    3. Access /proc and env Variables from the Inside Pod
    4. Falco
    5. Use Falco to Find Malicious Processes
    6. Investigate Falco Rules
    7. Change Falco Rules
  23. Chapter 23 : Runtime Security – Immutability of Containers at Runtime
    1. Introduction
    2. StartupProbe
    3. SecurityContext Renders Container Immutable
  24. Chapter 24 : Runtime Security - Auditing
    1. Introduction
    2. Audit Policy
    3. Enable Audit Logging in Apiserver
    4. Create a Secret and Check Audit Logs
  25. Chapter 25 : System Hardening – Kernel Hardening
    1. AppArmor
    2. AppArmor for Curl
    3. AppArmor for Docker Nginx
    4. AppArmor for Kubernetes Nginx
    5. Seccomp
    6. Seccomp for Docker Nginx
    7. Seccomp for Kubernetes Nginx

Product information

  • Title: Certified Kubernetes Security Specialist (CKS) Course
  • Author(s): Himanshu Sharma
  • Release date: May 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781803237114