Kubernetes Security Best Practices you need to know | THE Guide for securing your K8s cluster!

Поділитися
Вставка
  • Опубліковано 23 гру 2024

КОМЕНТАРІ • 141

  • @TechWorldwithNana
    @TechWorldwithNana  2 роки тому +17

    Please share with others, which K8s security best practice is important, which I didn't mention?
    💙 Become a Kubernetes Administrator ► bit.ly/420TrA7
    💚 Become a DevOps Engineer - full educational program ► bit.ly/3q7Ir6X
    💛 Follow me on IG for behind-the-scenes-content ► bit.ly/2F3LXYJ
    💡 Sign up to get notified about new upcoming courses ► www.techworld-with-nana.com/course-roadmap

  • @ayushsitoke2456
    @ayushsitoke2456 2 роки тому +43

    Awesome!
    1. Do Image Scanning for vulnerability
    2. Avoid root user for running container
    3. Manage User & Permission - RBAC
    4. Use Network policies or service mesh
    5. Encrypt Communication
    6. Secure secret data
    7. Secure etcd
    8. Backup & Restore
    9. Configure security policies
    10. Disaster Recovery

    • @aliandy.jf.nababan
      @aliandy.jf.nababan Рік тому

      You're right, Nana is very good presenting concept basis for developer knowledge, especially when presenting strength weakness opportunity threat (SWOT) analisis kind of comparison of different DevOps tools👍

    • @dattavr
      @dattavr Рік тому +4

      So basically, protection at 3 layers,
      1. Network
      2. Application
      3. Data
      All above 10 points are in these category

  • @BDubzDM21
    @BDubzDM21 2 роки тому +6

    I learned more from this 30 Minute video than I did the entire Linux Foundation Kubernetes Security Essentials course. Thanks!

  • @kameh4522
    @kameh4522 2 роки тому +13

    These security best practices are at root based on several infosec standards such as iso27001, and you have applied these for K8s beautifully.

  • @bengalivoyages
    @bengalivoyages 2 роки тому +2

    The more I watch your youtube videos, more it clarify basics of each K8s components!!! you are the best...!

  • @kamleshmak23
    @kamleshmak23 2 роки тому +2

    Thanks for always an easy to follow content and giving me more knowledge

  • @adityashashankaneti940
    @adityashashankaneti940 2 роки тому +4

    The word "best teacher" is too not enough to describe you. Thank you 🙏🙏🙏

  • @dsha256
    @dsha256 2 роки тому +39

    Nana, your explanation skills are just great, as usual! 🙏❤️

  • @jennyfreckleface
    @jennyfreckleface Рік тому +5

    Best cloud and K8S security content. Bravo. Thank you for sharing.

  • @DejiAdegbite
    @DejiAdegbite 8 днів тому

    This is the best video on this topic that I've ever seen.

  • @kiannec2890
    @kiannec2890 2 роки тому +9

    Very helpful and made my day since I’ve been figuring out how to do this and I learned it so quick as I clicked into this video,thanks girl

  • @rajrathor6505
    @rajrathor6505 2 роки тому +1

    Nana, I love the way you explain each and every point. You are the best Teacher in the world. Thanks and appreciate all your hard work.

  • @lovehumanrace
    @lovehumanrace 10 місяців тому +2

    Fantastic overview! Just what I was looking for. Thank you. 🙏

  • @picapicatchof8309
    @picapicatchof8309 10 місяців тому

    Hi, first of all I would like to thank you for your great effort to explain us the k8s cybersecurity issues and how to mitigate threats related to its deployment, just one the most important thing that also can improve the K8s security is the log management, it give you the possibility to control and monitor security issues in real time using for example syslog protocol to collect and treat them in a centralized areas. So, if you can focus on this issue in next time. Thanks.

  • @walterpalladino1965
    @walterpalladino1965 2 роки тому +5

    First of all this was a great video on this series. I have a question related to the point 10. You marked this as result of a successful attack but, if you just restore the cluster, could get attacked the same way so, there are any tool that lets you identify how it happened to solve the related security flaws? Thank you in advance.

  • @vikrama736
    @vikrama736 2 роки тому +5

    This is such a great stuff and important too! Thanks Nana! The best tutor!

  • @princeugly3457
    @princeugly3457 2 роки тому +2

    Thank you Nana, your content always great and easy to understand.

  • @sagarahire6531
    @sagarahire6531 2 роки тому +2

    Much needed video...was wondering about the security of kubernetes...You're being a Santa just keep fulfilling the wishes...Thanks for your time and effort

  • @user-ano-x5c
    @user-ano-x5c Рік тому

    Nice Explanation..
    Also one of the best practices to secure Etcd is to encrypt it..

  • @tbugaevsky
    @tbugaevsky 2 роки тому +1

    Security is a very important thing to take care of, thank you.

  • @remyzandwijk
    @remyzandwijk 2 роки тому +2

    Excellent and very helpful video. Thanks Nana!

  • @jamalakhaligova9125
    @jamalakhaligova9125 6 днів тому +1

    Amazing! Very useful, thanks for the great content :)

  • @CloudSecurityGuy
    @CloudSecurityGuy 2 роки тому +3

    Awesome video !

  • @YawadoudouAllahou
    @YawadoudouAllahou Рік тому

    Nama you are pedagogical breaking down this security .Thanks

  • @rakeshnalagandla7746
    @rakeshnalagandla7746 Рік тому +1

    Great video. Thank you so much. Can you suggest a enterprise grade tool that helps with most of these best practices rather than using different tools for each type

  • @narasimhachinimilly
    @narasimhachinimilly 2 роки тому +3

    Really awesome, appreciate how you organized the content. Happy to learn good things.😀

  • @pareshpatel493
    @pareshpatel493 2 роки тому +1

    As usual, PERFECT. God Bless you.

  • @vijaykumar-x3z7w
    @vijaykumar-x3z7w Місяць тому

    great and very helpful content Nana, thank you so much for your efforts

  • @felipeozoski
    @felipeozoski 2 роки тому +1

    Great stuff as usual!!

  • @md.ishtayaqueahmad3170
    @md.ishtayaqueahmad3170 Рік тому +1

    Very well explained. Thank you very much for sharing such informative video.

  • @review.masahiro
    @review.masahiro Рік тому

    love your content and clear explanation. it is 10/10 from me. thank you nana

  • @c1i2s3c4o5
    @c1i2s3c4o5 2 роки тому +6

    Great video Mam !!!, a very core feature which is rarely being used in companies for implementing k8s security,
    kindly also cover Locking Down Kubelet as its a backdoor for api server & image signature as its must to make sure that image is a legitimate one, Thank You

  • @arvindkumarreddydubbala5775

    you explanation is really understandable by every one. Simply superb work keep it up.

  • @sujeetkumar.
    @sujeetkumar. 2 роки тому +3

    Wonderful video 😍

  • @kchaitanya39
    @kchaitanya39 Рік тому

    Thank you Nana for the awesome explanation

  • @GaneshMerugu-f9f
    @GaneshMerugu-f9f 2 місяці тому

    Very nice explanation...
    Excellent.

  • @ireenisabel988
    @ireenisabel988 2 роки тому +1

    Hi thanks for these videos. I have a request. If you find some time can you please make a video on how you learn a technology/concpet this thorough? For me, it takes couple of times reading and trying out before I understand the basics properly. If you have a shortcut, we would love to know.

  • @georgelobo4048
    @georgelobo4048 2 роки тому

    Best explanation! Thanks, Nana!!

  • @maheshirk
    @maheshirk 2 роки тому

    Truly awesome, Thank You Nana !

  • @espartadog
    @espartadog 2 роки тому +1

    Great video! Greetings from Argentina!

  • @cybersecurity-with-petty-bug

    Thanks you. Is was very helpful for understanding the k8s security concept.

  • @kingsadmin
    @kingsadmin Рік тому

    nice one! thank you Nana!

  • @testquality1900
    @testquality1900 2 роки тому +2

    Great explanation! Direct and clear to the topic 💯

  • @NeerajKVlogs007
    @NeerajKVlogs007 2 роки тому +3

    Well explained Nana... thanks for making such a amazing content 👍

  • @thomash.8297
    @thomash.8297 2 роки тому +1

    Thank you, waited for that 😮

  • @nupeamanga9514
    @nupeamanga9514 Рік тому

    Thanks a lot for this priceless narratives

  • @kameh4522
    @kameh4522 2 роки тому +1

    What a fabulous explanation, thank you kindly.

    • @TechWorldwithNana
      @TechWorldwithNana  2 роки тому

      Happy to hear! Appreciate your positive feedback! 💙

  • @ChanceTEK
    @ChanceTEK 2 роки тому

    Extremely helpful. Thank you.

  • @TamLe-sh2ru
    @TamLe-sh2ru 2 роки тому +1

    Thanks, great video!

  • @LuHaTube
    @LuHaTube 2 роки тому

    Thanks very much Nana for your great effort.

  • @omdxp
    @omdxp 2 роки тому +1

    Thank you so much for these valuable information

  • @stevenromero9962
    @stevenromero9962 2 роки тому +2

    Great explanation, this is top level content.

  • @manasanayini2655
    @manasanayini2655 10 місяців тому

    Big thanks for the best lecture!!

  • @kreativcity
    @kreativcity 2 роки тому +1

    Thank you Nana!

  • @LaVidaEnUnaGota
    @LaVidaEnUnaGota 2 роки тому +1

    for scan image, you could use anchore

  • @NicolasGryman
    @NicolasGryman 2 роки тому

    Thanks Nana, you rock!

  • @deepanchakrvarthyp7063
    @deepanchakrvarthyp7063 2 роки тому

    Very clear explanation,thanks you so much

  • @parris3142
    @parris3142 2 роки тому

    Great overview.. thanks

  • @Fayaz-Rehman
    @Fayaz-Rehman 2 роки тому +1

    Great - Thanks for sharing.

  • @9sandy13
    @9sandy13 2 роки тому

    Great fan of your work and your tech videos, your explanation is really very helpful to understand the concepts, keep up the good work.

  • @rajeshdhapola07
    @rajeshdhapola07 2 роки тому

    Great explanation...Thanks

  • @derekreed6798
    @derekreed6798 Рік тому

    Many thanks, plenty of food for thought.

  • @MuhammedDahab
    @MuhammedDahab 2 роки тому +1

    Great Stuff as usually

  • @mousumisaha4525
    @mousumisaha4525 2 роки тому +1

    Thank you for this awasome video

  • @loading418
    @loading418 2 роки тому +1

    knowledge ++
    many many ty

  • @s.sandeep
    @s.sandeep 2 роки тому +1

    Thanks!

  • @darshanmehta9374
    @darshanmehta9374 2 роки тому

    You have been great Nana - really appreciate you giving the right amount of details. I wanted to ask while I understand 3rd party product was mentioned for data recovery, I wanteed to ask if Volume Storage can help in protecting or recovering the application/config data in any which ways during a cyber event. If anyone can hep - wouldd be appreciated.

  • @sahanasadasivam7056
    @sahanasadasivam7056 2 роки тому +1

    Hi Nana,discuss about what are the career paths in software field,it will be helpful,to set goal beside that

  • @maneeshs3876
    @maneeshs3876 2 роки тому

    Nice informative video !

  • @alexserbul
    @alexserbul Рік тому

    Thank you!

  • @simon-rey
    @simon-rey 2 роки тому

    Great video, very informative and smart ideas, thanks

  • @varun-i2r5b
    @varun-i2r5b 2 місяці тому

    can you do video on network plugins like calico and cilium

  • @shalandichannel
    @shalandichannel 2 роки тому

    thanks for the nice video! i habe got 2 doubts after watching the video:
    1. in point 5 you mention that pods traffic is unencrypted by default. is this only true for communication inside the cluster, i.e. is the host to host communication for both control plane and pods elements encrypted from the outside? if this is not the case, is it necessary to setup a VPN mesh between the k8s nodes or would that be an unusual overhead in regular k8s deployments?
    2. how about securing network access to cluster and its services on a TCP level? can port 6443 remain unprotected? should administrator always access the cluster protected services via port forwarding or is it best to publish ingresses on a protected subnet and then setup a VPN to push that subnet to authorized users? what are best/common cloud native practices here? is there any helm chart for that?
    thanks

  • @jamallmahmoudi9481
    @jamallmahmoudi9481 Рік тому

    Hi,
    It was great and useful, thank you🙏

  • @rampanwar1316
    @rampanwar1316 2 роки тому +1

    Bery good Video nana

  • @k.alipardhan6957
    @k.alipardhan6957 8 місяців тому

    would have been helpful to mention more details on scanning... static, dymanic, SCA, and Docker Scout.

  • @MirajGodha
    @MirajGodha 2 роки тому

    Awesome bro

  • @TheEbbemonster
    @TheEbbemonster 2 роки тому +2

    Great video! It would be nice if you inform the viewer whenever, you jump to a sponsored or affiliated component, such that the viewed knows that your view on that component is biased like with Kasten K10.

    • @TechWorldwithNana
      @TechWorldwithNana  2 роки тому +1

      Thanks for your valuable feedback! Sure, will try to make it clearer in the videos, when talking about the sponsored tool.

  • @blakegreendev
    @blakegreendev 2 роки тому +1

    Just to help drive home the misconception of the security in cloud in general. Each cloud provider has a shared responsibility model. The cloud provider is responsible for the security OF the cloud and the customer is responsible for the security IN the cloud :)

  • @ishaquerazvi2670
    @ishaquerazvi2670 Рік тому

    I really like the way you teach, I prefer your videos over udemy .....thanks a lot

  • @satyamgpt31
    @satyamgpt31 2 роки тому

    Really helpful

  • @yinyang2k
    @yinyang2k 2 роки тому +1

    Thank you for the video! 🙏
    I’m interested in using Hashicorp Vault. Could you maybe make a video about it to? :)

    • @TechWorldwithNana
      @TechWorldwithNana  2 роки тому +1

      Thank you for your suggestion. Yes, we are thinking about making video about Vault.

  • @omarakki705
    @omarakki705 2 роки тому +1

    Thanks nana

  • @Harridu
    @Harridu 2 роки тому +1

    Excellent

  • @DrorNir
    @DrorNir 2 роки тому +1

    I've just started a job as DevSecOps and I have zero experience. I'm buying the course as it comes out!

  • @joyebot7371
    @joyebot7371 Рік тому

    Thank you

  • @JamesMcCabe703
    @JamesMcCabe703 Рік тому +1

    Encryption: AWS engineers when using their KMS have a copy of the private key. So they become the insider threat. See arrest of Paige Thompson, AWS engineer who release Captial One customer data. Use you're own key management system.

  • @cracksaadee
    @cracksaadee 2 роки тому

    How to use regex in audit policy in k8s ?

  • @Harridu
    @Harridu 2 роки тому +2

    One important point missing was a firewall between your cluster and the outside world.

  • @nr9885
    @nr9885 2 роки тому +1

    Just pointing out that at 19:30 you forgot a "=" at the end of your mongo-password secret. In fact, it should be "bW9uZ29wYXNzd29yZA==". Maybe I do have too much free time 😅?

  • @PrasannaVarshan
    @PrasannaVarshan 2 роки тому

    Does any one else feels like crying? I found peace finally!!!!

  • @Tirax13
    @Tirax13 2 роки тому

    hey nana, i like your content, do you have an advice for including security testing in the pipeline, like vulnerability scanning and compliance checks? For example how do i include cis benchmarks and vuln scanning and define thresholds that prevent unsecure workloads from going to production?

    • @sgrhr024
      @sgrhr024 2 роки тому

      Nice question

    • @stockmarket9449
      @stockmarket9449 11 місяців тому

      Image scanning happens in CI/CD and also Image registery regularly, we can consider to do such scanning at appropriate stage in deployment. Also we can consider to attach digital signature when run scanning is completed just before to start tranfer the image upon pull Image request from registery , and verify it at appropriate stage during deployment workflow.
      Please share your thoughts. Thank you!

  • @R-Kannada-DevOps
    @R-Kannada-DevOps Рік тому

    How to delete already pulled images from cluster to release space .

  • @murali7403
    @murali7403 2 роки тому

    Hi nana was attended 3 times interview within a span of 1 month in tcs but 3rd time i got selected and they released offer and joining date too while doing background check previous two attempts they will consider? Normally they will. Check the candidate before attending interview right wether candidate is attended or not like?

  • @MrDuoScythe
    @MrDuoScythe 2 роки тому

    Get NeuVector...done :)

  • @tomasferrari92
    @tomasferrari92 2 роки тому

    i love u nana

  • @salilmandal872
    @salilmandal872 4 місяці тому

    Nice

  • @vanzoelmaulana4324
    @vanzoelmaulana4324 Рік тому

    actually sa can be used for human also

  • @Thomas-1023
    @Thomas-1023 10 місяців тому

    I'm enchanted by this content. I had the pleasure of reading something similar, and I was completely enchanted. "Mastering AWS: A Software Engineers Guide" by Nathan Vale

  • @bulldozerbaba3830
    @bulldozerbaba3830 2 роки тому

    There is no proper video on Hashicorp Vault to integrate it and use it with Terraform or K8s. Can you please make a video on it? 🙄