All you need for your Certified Kubernetes Security Specialist (CKS) preparation!
I will present each CKS topic in a simple and visual way. We'll run through various practical hands-on challenges.
You'll setup own CKS cluster in which you'll learn, simple install scripts are provided.
Instead of creating your own cluster you can also use the in-browser playground for mostly everything: killercoda.com/killer-shell-cks/scenario/playground.
There are additional in-browser interactive scenarios to further study and harden your knowledge!
Killercoda Scenarios: github.com/killer-sh/cks-course-environment/blob/master/Scenarios.md
Section Resources: github.com/killer-sh/cks-course-environment/blob/master/Resources.md
Github: github.com/killer-sh/cks-course-environment
Slack Community: killer.sh/slack (channel cks)
Chapters:
00:00:00 Introduction and Welcome
00:02:50 K8s Security Best Practices
00:13:07 Create your course K8s cluster
00:35:49 Crictl instead of Docker
00:38:02 Foundation - Kubernetes Secure Architecture
00:57:27 Foundation - Containers under the hood
01:18:12 Cluster Reset
01:18:53 Cluster Setup - Network Policies
01:46:54 Cluster Setup - GUI Elements
02:02:06 K8s Docs Version
02:02:48 Cluster Setup - Secure Ingress
02:23:54 Cluster Setup - Node Metadata Protection
02:34:13 Cluster Setup - CIS Benchmarks
02:47:47 Cluster Setup - Verify Platform Binaries
02:58:23 Cluster Hardening - RBAC
03:31:26 Cluster Hardening - Exercise caution in using ServiceAccounts
03:49:06 Cluster Hardening - Restrict API Access
04:17:25 Cluster Hardening - Upgrade Kubernetes
04:38:59 Microservice Vulnerabilities - Manage Kubernetes Secrets
05:26:44 Microservice Vulnerabilities - Container Runtime Sandboxes
05:55:19 Microservice Vulnerabilities - OS Level Security Domains
06:12:01 Microservice Vulnerabilities - mTLS
06:27:12 Cluster Reset
06:27:54 Open Policy Agent (OPA)
07:07:33 Supply Chain Security - Image Footprint
07:29:37 Supply Chain Security - Static Analysis
07:52:39 Supply Chain Security - Image Vulnerability Scanning
08:06:26 Supply Chain Security - Secure Supply Chain
08:32:01 Runtime Security - Behavioral Analytics at host and container level
09:16:36 Runtime Security - Immutability of containers at runtime
09:34:24 Runtime Security - Auditing
10:06:46 System Hardening - Kernel Hardening Tools
10:45:41 System Hardening - Reduce Attack Surface
11:05:20 CKS Simulator
Please expect this course to take more time than just the recorded hours. For most topics you'll need some time to implement the scenarios yourself. Also breaks (hours or even days) between sections/topics should be advised to prevent brain implosion :)
You should already have some Kubernetes Administrator knowledge before attending this course. And if you like to attend the real CKS exam you need to hold a valid CKA certification. But I also do some recap of CKA knowledge at the beginning, so no worries if your knowledge is a bit stale.
Would you like to support this course? Consider subscribing to the Killercoda PLUS membership, even if just for a month! killercoda.com/pricing
Happy learning,
Team Killer Shell
#kubernetes #k8s #cks #security #devops #devsecops #container #docker #linux