Back

Kubernetes Security Deep Dive

Learn advanced security concepts for Kubernetes clusters, from network security to securing the container supply chain

4 days
Advanced
Get Started

Kubernetes Security Deep Dive

Course Overview

This hands-on course provides in-depth knowledge on securing Kubernetes clusters. You’ll learn modern security standards, tools, and methods for hardening workloads, controlling access, and securing the container supply chain. Ideal for participants with basic Kubernetes knowledge who want to operate clusters securely.

What You Will Learn

  • Cluster Network Security: Secure communication between pods and effectively use network policies
  • Controlling API Access: RBAC, service accounts, and protecting the API server
  • System and Kernel Hardening: Reduce the attack surface through OS and kernel hardening
  • Pod Security and Runtime Protection: Pod Security Standards, sandboxing, and secrets management
  • Container Image Security: Minimize base image size, perform static analysis, sign and validate images
  • Monitoring and Auditing: Detect anomalies with Falco and Kubernetes audit logs

Course Modules

Module 1: Networking and Cluster Hardening

  • Cluster components and their communication
  • Required certificates for secure communication
  • Network policies: firewall rules and policy controllers
  • Ingress: TLS termination and security concepts
  • CIS Benchmarks: best practices with kube-bench and fixing misconfigurations
  • Verifying platform binaries: origin and checksums

Module 2: API Access and Permissions

  • How API requests are processed in Kubernetes
  • Restricting access to the API server
  • Service accounts: creation, usage, and security settings
  • RBAC: roles, role bindings, and integration with service accounts
  • Kubernetes upgrades: release cycles, importance, and upgrade processes

Module 3: System and Runtime Hardening

  • Minimizing the system attack surface: host OS, IAM roles, and network exposure
  • Kernel hardening: blocking system calls with AppArmor and syscomp
  • Pod Security Standards: security context, PSA, and OPA policy enforcement
  • Container runtime sandboxing: using gVisor and Kata Containers
  • Secrets management: creating, using, and encrypting secrets in etcd
  • Encrypting pod-to-pod communication: mTLS with Cilium

Module 4: Container Security and Monitoring

  • Minimizing base image footprint: image selection, multi-stage Dockerfiles, and layer optimization
  • Static analysis: Dockerfile and manifest review, image vulnerability scanning
  • Supply chain security: signing, validating, and whitelisting image registries
  • Behavioral analytics in the cluster: tracking events with Falco, configuration, and usage
  • Audit logging: captured data, rule configuration, and log examples
  • Container immutability: importance, implementation, and pod configuration options

Prerequisites

  • Solid knowledge of Kubernetes (e.g., deployments, services, ConfigMaps)
  • Basic understanding of Linux systems and container technologies
  • Experience with YAML and Kubernetes CLI (kubectl) recommended

Who Should Attend

  • Kubernetes administrators responsible for security
  • DevOps and platform engineers
  • IT security professionals in cloud environments
  • Developers focused on secure workload deployments