Certified Kubernetes Security Specialist (CKS)
Retail Price: $2,895.00
Next Date: 03/03/2025
Course Days: 5
Enroll in Next Date
Request Custom Course
At Course Completion
• Cluster Setup
• Cluster Hardening
• System Hardening
• Minimizing Microservices Vulnerabilities
• Supply Chain Security
• Monitoring, Logging and Runtime Security
• AI LLM prompt engineering for generating configuration snippets and solutions
Audience Profile
• This course is ideal for anyone holding a CKA certification and interested in or responsible for cloud security.
Prerequisites
- Working knowledge of Kubernetes and/or CKA
- Basic Linux skills are helpful.
- Familiarity with a text editor like vi, vim, or nano is helpful.
Outline
Cloud Security Primer
• Lecture: Basic Principles
• Lecture: Threat Analysis
• Lecture: Approach
• Lecture + Lab: CIS Benchmarks
Securing your Kubernetes Cluster
• Lecture: Kubernetes Architecture
• Lecture: Pods and the Control Plane
• Lecture: Kubernetes Security Concepts
Install Kubernetes using kubeadm
• Lecture: Configure Network Plugin Requirements
• Lecture + Lab: Configure Network Plugin Requirements
• Lecture: Kubeadm Basic Cluster
• Lecture + Lab: Installing Kubeadm
• Lecture: Join Node to Cluster
• Lecture + Lab: Join Node to Cluster
• Lecture: Kubeadm Token
• Lecture + Lab: Manage Kubeadm Tokens
• Lecture: Kubeadm Cluster Upgrade
• Lecture + Lab: Kubeadm Cluster Upgrade
Securing the kube-apiserver
• Lecture: Configuring the kube-apiserver
• Lecture + Lab: Enable Audit Logging
• Lecture: Falco
• Lecture + Lab: Deploy Falco to Monitor System Calls
• Lecture: Enable Pod Security Policies
• Lecture: Encrypt Data at Rest
• Lecture + Lab: Encryption Configuration
• Lecture: Benchmark Cluster with Kube-Bench
• Lecture + Lab: Kube-Bench
Securing ETCD
• Lecture: ETCD Isolation
• Lecture: ETCD Disaster Recovery
• Lecture: ETCD Snapshot and Restore
• Lecture + Lab: ETCD Snapshot and Restore
Purge Kubernetes
• Lecture: Purge Kubeadm
• Lecture + Lab: Purge Kubeadm
Image Scanning
• Lecture: Container Essentials
• Lecture: Secure Containers
• Lecture + Lab: Creating a Docker Image
• Lecture: Scanning with Trivy
• Lecture + Lab: Trivy
• Lecture: Snyk Security
Manually Installing Kubernetes
• Lecture: Kubernetes the Alta3 Way
• Lecture + Lab: Deploy Kubernetes the Alta3 Way
• Lecture: Validate your Kubernetes Installation
• Lecture + Lab: Sonobuoy K8s Validation Test
Kubectl (Optional)
• Lecture: Kubectl get and sorting
• Lecture + Lab: kubectl get
• Lecture + Lab: kubectl describe
Labels (Optional)
• Lecture: Labels
• Lecture + Lab: Labels and Selectors
• Lecture: Annotations
• Lecture + Lab: Insert an Annotation
Securing your Application
• Lecture: Scan a Running Container
• Lecture + Lab: Tracee
• Lecture: Security Contexts for Pods
• Lecture + Lab: Understanding Security Contexts
• Lecture: AppArmor Profiles
• Lecture + Lab: AppArmor
• Lecture: Isolate Container Kernels
• Lecture + Lab: gVisor
User Administration
• Lecture: Contexts
• Lecture + Lab: Contexts
• Lecture: Authentication and Authorization
• Lecture: Role Based Access Control
• Lecture + Lab: Role Based Access Control
• Lecture + Lab: RBAC Distributing Access
• Lecture: Service Accounts
• Lecture + Lab: Limit Pod Service Accounts
Implementing Pod Policy
• Lecture: Admission Controller
• Lecture + Lab: Create a LimitRange
• Lecture: Pod Security Standards
• Lecture + Lab: Enable PSS
• Lecture: Open Policy Agent
• Lecture + Lab: Deploy Gatekeeper
Securing Secrets
• Lecture: Secrets
• Lecture + Lab: Create and Consume Secrets
• Lecture: Hashicorp Vault
Securing the Network
• Lecture: Networking Plugins
• Lecture: NetworkPolicy
• Lecture + Lab: Deploy a NetworkPolicy
• Lecture + Lab: Namespace Network Policy
• Lecture: mTLS
• Lecture + Lab: mTLS with Linkerd
• Lecture + Lab: Linkerd Dashboard
Threat Analysis and Detection
• Lecture: Active Threat Analysis
• Lecture: Host Intrusion Detection
• Lecture: Network Intrusion Detection
• Lecture: Physical Intrusion Detection