Preparatory training for CKS (Certified Kubernetes Security...
Day one
* Exam information, requirements, scope and updates
* Cluster setup domain
- Network security policies for cluster level access
(lab: Network Security Policies)
- CIS benchmark for Kubernetes components' security
(lab: kube-bench)
* System hardening domain
- reduce attack surface
(lab: node / apiserver setup)
- use kernel-hardening tools (AppArmor, seccomp)
(labs: seccomp, apparmor)
* Cluster hardening domain
- restrict access to K8s API
(lab: ServiceAccount for kubernetes-dashboard)
(lab: Certificates API)
- minimize exposure with RBAC
(lab: RBAC roles)
Day two
* Supply chain security
- understand supply chain
(lab: SBOM analysis)
- utilize permitted registries and signed artifacts
(lab: ImagePolicyWebhook)
- perform static analysis
(lab: trivy/kubesec/kubelinter)
* Minimize microservices vulnerabilities domain
- security contexts
(lab: securitycontexts)
- utilize pod security standards
(lab: pod security admission)
- implement isolation techniques
(lab: quotas/dataplane isolation/nodepools)
- enable pod-to-pod encryption using Cilium
(lab: cilium network policy)
* Monitoring, logging and runtime security domain
- monitor system calls and processes at host and container level
(lab: falco)
- use K8s audit logs for access monitoring
(lab: audit logs)
* Exam tips