Kubernetes Security
The course addresses the concepts related to security and authentication in the Kubernetes environment, then continues with theoretical and practical aspects that will help the student evaluate security solutions. The course includes exercises in a laboratory environment where the student will be able to secure the cluster by creating user roles and assigning access keys. The course will lead the system administrator to a more prudent and granular approach to managing access, users and permissions.
Code: DSK303
Category: Kubernetes
Teaching methodology
The course includes educational laboratories in which each student can complete training exercises that provide practical experience in using the tool for each of the topics covered during the course.
Prerequisites
- Basic knowledge of Linux commands
- Basic knowledge of Linux operating system
- Basic knowledge of TCP/IP stack
- Basic knowledge of a terminal text editor (vi, vim, nano)
- Basic knowledge of authentication/authorization concepts and mechanisms
- Good knowledge of Kubernetes (having followed the DSK201 course)
At the end of the course the participants will be able to:
Theory
- Understand how the authentication and authorization process works
- Understand how roles and permissions work
- Understand the various OIDC-based authentication mechanisms
- Understand how OPA works
- Understand the use of security contexts and Pod Security (1.23.x)
Practice
- Configure roles and permissions on users and/or groups
- Configure an authentication mechanism
- User/group management
- Granularly govern a cluster using OPA
- Configure security perimeter on pods
- Configure encryption on etcd
- Adopt the use of add-ons to increase governance in the cluster
Educational program
- Auditing
- API access
- Service Account Deep
- Authentication Plugins
- Normal Users
- OIDC Authentication
- Admission Control
- OPA Introduction
- OPA Basic
- OPA Advanced
- Pod Service Account
- Security Context
- Pod Security
- Encryption at Rest
- Kube Bench
- Trivy
- Falco
Duration – 1 day
Delivery – in Classroom, On Site, Remote
PC and SW requirements:
- Internet connection
- Web browser, Google Chrome
- Zoom
Language
- Trainer: Italian
- Workshops: English
- Slides: English