Securing Kubernetes - (CKS)

Price
$2,595.00 USD

Duration
5 Days

 

Delivery Methods
Virtual Instructor Led
Private Group

Course Overview

This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a cloud orchestration platform providing reliability, replication, and stability while maximizing resource utilization for applications and services. Our Securing Kubernetes course emphasizes the skills and knowledge for securing container-based applications and Kubernetes platforms during build, deployment, and runtime. As a security expert in the DevOps world, your role is to observe and track activity. This means you need to understand processes without inserting secure systems or gatekeepers into the process and slowing it down. You must be able to observe rapidly progressing DevOps processes and pinpoint which container, process, or subsystem causes a security concern.

Course Objectives

  • Cluster Setup
  • Cluster Hardening
  • System Hardening
  • Minimizing Microservices Vulnerabilities
  • Supply Chain Security
  • Monitoring, Logging and Runtime Security
  • AI LLM prompt engineering for generating configuration snippets and solutions

Who Should Attend?

This course is ideal for anyone holding a CKA certification and interested in or responsible for cloud security.
  • Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
  • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to-date information.
  • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
  • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
  • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
  • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

Course Prerequisites

  • Working knowledge of Kubernetes and/or CKA
  • Basic Linux skills are helpful.
  • Familiarity with a text editor like vi, vim, or nano is helpful.

Agenda

Learning Your Environment

  • Underlying Infrastructure
  • Using Vim
  • Tmux

Cloud Security Primer

  • Basic Principles
  • Threat Analysis
  • Approach
  • CIS Benchmarks

Securing your Kubernetes Cluster

  • Kubernetes Architecture
  • Pods and the Control Plane
  • Kubernetes Security Concepts

Install Kubernetes using kubeadm

  • Configure Network Plugin Requirements
  • Configure Network Plugin Requirements
  • Kubeadm Basic Cluster
  • Installing Kubeadm
  • Join Node to Cluster
  • Join Node to Cluster
  • Kubeadm Token
  • Manage Kubeadm Tokens
  • Kubeadm Cluster Upgrade
  • Kubeadm Cluster Upgrade

Securing the kube-apiserver

  • Configuring the kube-apiserver
  • Enable Audit Logging
  • Falco
  • Deploy Falco to Monitor System Calls
  • Enable Pod Security Policies
  • Encrypt Data at Rest
  • Encryption Configuration
  • Benchmark Cluster with Kube-Bench
  • Kube-Bench

Securing ETCD

  • ETCD Isolation
  • ETCD Disaster Recovery
  • ETCD Snapshot and Restore
  • ETCD Snapshot and Restore

Purge Kubernetes

  • Purge Kubeadm
  • Purge Kubeadm

Image Scanning

  • Container Essentials
  • Secure Containers
  • Creating a Docker Image
  • Scanning with Trivy
  • Trivy
  • Snyk Security

Manually Installing Kubernetes

  • Kubernetes the Alta3 Way
  • Deploy Kubernetes the Alta3 Way
  • Validate your Kubernetes Installation
  • Sonobuoy K8s Validation Test

Kubectl (Optional)

  • Kubectl get and sorting
  • kubectl get
  • kubectl describe

Labels (Optional)

  • Labels
  • Labels and Selectors
  • Annotations
  • Insert an Annotation

Securing your Application

  • Scan a Running Container
  • Tracee
  • Security Contexts for Pods
  • Understanding Security Contexts
  • AppArmor Profiles
  • AppArmor
  • Isolate Container Kernels
  • gVisor

Pod Security

  • Pod Security Policies
  • Deploy a PSP
  • Pod Security Standards
  • Enable PSS

Open Policy Agent (OPA)

  • Admission Controller
  • Create a LimitRange
  • Open Policy Agent
  • Policy as Code
  • Deploy Gatekeeper

User Administration

  • Contexts
  • Contexts
  • Authentication and Authorization
  • Role Based Access Control
  • Role Based Access Control
  • RBAC Distributing Access
  • Service Accounts
  • Limit Pod Service Accounts

Securing Secrets

  • Secrets
  • Create and Consume Secrets
  • HashiCorp Vault
  • Deploy Vault

Securing the Network

  • Networking Plugins
  • NetworkPolicy
  • Deploy a NetworkPolicy
  • mTLS
  • Linkerd
  • mTLS with Istio
  • Istio

Threat Detection

  • Active Threat Analysis
  • Host Intrusion Detection
  • Deploy OSSEC
  • Network Intrusion Detection
  • Deploy Suricata
  • Physical Intrusion Detection

Disaster Recovery

  • Harsh Reality of Security
  • Deploy a Response Plan
  • Kasten K10 Backups
  • Deploy K10
 

Upcoming Class Dates and Times

Jul 15, 16, 17, 18, 19
9:00 AM - 5:00 PM
ENROLL $2,595.00 USD
Sep 23, 24, 25, 26, 27
9:00 AM - 5:00 PM
ENROLL $2,595.00 USD
Nov 18, 19, 20, 21, 22
9:00 AM - 5:00 PM
ENROLL $2,595.00 USD
 



Do You Have Additional Questions? Please Contact Us Below.

Contact Us about Starting Your Business Training Strategy with New Horizons