Overview
CN330 Advanced Kubernetes Security is a comprehensive course designed to equip participants with the skills and knowledge required to implement robust security measures throughout the Kubernetes deployment pipeline. From code to production clusters, students will delve into topics such as declarative configuration analysis, container image scanning, CIS benchmark scanning, and attack vector identification and mitigation within Kubernetes environments.
Objectives
By the end of this course, leaner will be able to:
- Understand the Kubernetes threat model and security maturity.
- Implement system hardening techniques for Kubernetes environments.
- Gain proficiency in securing cluster objects and performing cluster hardening.
- Minimize vulnerabilities in microservices and secure the container supply chain.
- Establish effective monitoring, logging, and runtime security practices.
Prerequisites
- Basic understanding of Kubernetes architecture and operations.
- Familiarity with containerization concepts and container orchestration.
- Knowledge of system administration and security principles.
- Proficiency in using Chrome or Firefox browsers.
- Access to a laptop with WiFi connectivity.
Course Outline
- Overview of Kubernetes threat models and security maturity levels.
- Identifying common security challenges in Kubernetes environments.
- Introduction to security best practices and compliance frameworks.
- Implementing system hardening measures for Kubernetes nodes.
- Securing host OS, kernel, and network configurations.
- Utilizing tools like SELinux, AppArmor, and sysctl for system hardening.
- Exploring key security objects in Kubernetes clusters (e.g., PodSecurityPolicy, NetworkPolicy).
- Implementing security best practices for various Kubernetes objects (e.g., deployments, services, secrets)
- Identifying common vulnerabilities in microservices architecture.
- Implementing security measures at the application level (e.g., input validation, authentication, authorization).
- Integrating vulnerability scanning tools into CI/CD pipelines.
- Ensuring integrity and security of container images throughout the supply chain.
- Implementing image scanning and signing mechanisms.
- Leveraging container registries with built-in security features (e.g., Docker Content Trust, Notary, Harbor).