Kubernetes Security (Advanced Concepts)

Course

John Marx

Training Architect

Length

10:00:41

Difficulty

Intermediate

Course Details

This course is the second part of the Kubernetes Security series; the first part is Kubernetes Security, and this part covers Advanced Concepts. It guides the student through implementing network policy, then through the administrative steps necessary to build, launch, and maintain a secure Kubernetes cluster.

Syllabus

Introduction

Introduction to the Author

00:00:36

Lesson Description:

This video is the introduction to the course author.

Introduction to This Course

00:02:55

Lesson Description:

This is a brief introduction to the course, with some discussion of courses that are recommended as preparation for it.

Kubernetes Networking

Network Overlays

00:03:04

Lesson Description:

This is a brief lesson covering what network overlays are with Kubernetes, and a few popular overlays available at the time this lesson was published.

Network Policy

00:06:28

Lesson Description:

This video provides examples of how network policies are implemented, and briefly introduces and explains the examples covered in the lab.
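The default-deny-then-allow pattern this lesson describes, written out as NetworkPolicy manifests and applied with kubectl. This is an added example and is not the course's lab material; the namespace (payments), the labels (app, role=frontend) and the port are illustrative assumptions, and the script is plain POSIX shell so the rendered manifests can be inspected before anything is applied.

```shell
#!/bin/sh
# Added example (not from the course): render and apply a default-deny
# NetworkPolicy for a namespace, then an allow policy for one workload.
# Namespace, labels and ports are illustrative assumptions. KUBECTL may be
# overridden (e.g. with a stub function) for a dry run.
set -eu

KUBECTL="${KUBECTL:-kubectl}"

# Deny all ingress and egress for every pod in the namespace. A pod that no
# policy selects allows all traffic; an empty podSelector with both
# policyTypes listed flips that default to deny for the whole namespace.
render_default_deny() {
  ns="$1"
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: ${ns}
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
EOF
}

# Allow pods labelled app=<app> to accept TCP <port> from pods labelled
# role=frontend in the same namespace, and to reach kube-dns for name
# resolution. Denying egress without a DNS rule is the classic mistake: the
# pod starts but cannot resolve any Service name.
render_allow_app() {
  ns="$1"; app="$2"; port="$3"
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-${app}
  namespace: ${ns}
spec:
  podSelector:
    matchLabels:
      app: ${app}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: frontend
      ports:
        - protocol: TCP
          port: ${port}
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
EOF
}

# Apply both policies. Order matters little, but applying the deny first
# means there is no window in which the allow rule exists on its own.
apply_policies() {
  ns="$1"; app="$2"; port="$3"
  render_default_deny "$ns" | "$KUBECTL" apply -f -
  render_allow_app "$ns" "$app" "$port" | "$KUBECTL" apply -f -
}

# Usage: ./netpol.sh <namespace> <app-label> <port>
if [ "$#" -eq 3 ]; then
  apply_policies "$@"
fi
```

Preview with `render_allow_app payments api 8080` before applying, and confirm with `kubectl describe networkpolicy -n payments` afterwards. Two caveats a practitioner needs: NetworkPolicy objects are only enforced if the overlay chosen in the previous lesson implements them (Calico, Cilium and Weave Net do; Flannel on its own accepts the objects and ignores them), and once egress is denied by default every workload needs an explicit egress rule to kube-dns or service discovery stops working, which is why the allow policy carries one.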

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Building a Kubernetes Infrastructure

Host Server Hardening

00:05:39

Lesson Description:

This lesson covers the steps necessary to harden an operating system image that can then be used for Kubernetes master and worker nodes. We'll look at Packer on AWS as an example, and also get a picture of what the lab at the end of this section entails.

Secure Software Supply Chain

00:05:30

Lesson Description:

This lesson covers how a DevSecOps CI/CD pipeline would control the workflow for applications and for the Kubernetes cluster's own artifacts. We'll emphasize the ephemeral nature of both the applications and the infrastructure they run on.

Container Registries and Trusted Repositories

00:05:38

Lesson Description:

This lesson continues on the subject of a secure software supply chain by discussing some of the key capabilities of trusted repositories. We'll cover signing of content, secure authentication, and scanning as necessary practices that ensure a secure Kubernetes environment.

Choosing an Installer

00:05:43

Lesson Description:

This video discusses various approaches to Kubernetes installers and shows some of the considerations to keep in mind when making an installer choice.

Configuration Management

00:03:39

Lesson Description:

This lesson covers the role of configuration management and its importance for maintaining a Kubernetes delivery pipeline.

Scanning and Static Analysis of YAML

00:03:41

Lesson Description:

This lesson covers the need for YAML scanning, and demonstrates the Sonobuoy scanning tool from Heptio.

Hands-on Lab

01:00:00

Launching a Kubernetes Cluster

From Lab to Maiden Voyage

00:02:59

Lesson Description:

This lesson discusses how system administrators can take advantage of cloud infrastructure. Because virtual server instances are available on demand, a pipeline can be built for the Kubernetes cluster itself, much as application code pipelines are. We'll look at the idea of building, launching, testing, and then promoting a cluster configuration into production.

Hardening the Cluster

00:02:08

Lesson Description:

In the upcoming hands-on lab, we'll harden a cluster using the kube-bench utility. This lesson emphasizes the roles that an installer (such as kops) and a configuration management tool (such as Ansible) play in a build, launch, and maintain deployment pipeline for Kubernetes.
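An added example, not part of the course, that joins the two ideas above: run kube-bench against a freshly launched cluster and use its result as the gate for promoting that cluster configuration. The Job manifest is a deliberately minimal assumption (the kube-bench project publishes a fuller one with every host path the checks need), the image reference is assumed, and the report parsed in the test is constructed sample output.

```shell
#!/bin/sh
# Added example (not from the course): run kube-bench as a Job and gate
# cluster promotion on its result. The Job manifest is a minimal assumption;
# the image reference is assumed. KUBECTL may be overridden for a dry run.
set -eu

KUBECTL="${KUBECTL:-kubectl}"
KUBE_BENCH_IMAGE="${KUBE_BENCH_IMAGE:-docker.io/aquasec/kube-bench:latest}"

# Run kube-bench once as a Job. hostPID and the read-only host mounts let it
# inspect the kubelet and control-plane configuration on the node it lands
# on; the project's own manifest mounts more paths than shown here.
run_kube_bench() {
  cat <<EOF | "$KUBECTL" apply -f -
apiVersion: batch/v1
kind: Job
metadata:
  name: kube-bench
spec:
  template:
    spec:
      hostPID: true
      restartPolicy: Never
      containers:
        - name: kube-bench
          image: ${KUBE_BENCH_IMAGE}
          command: ["kube-bench"]
          volumeMounts:
            - name: var-lib-kubelet
              mountPath: /var/lib/kubelet
              readOnly: true
            - name: etc-kubernetes
              mountPath: /etc/kubernetes
              readOnly: true
      volumes:
        - name: var-lib-kubelet
          hostPath:
            path: /var/lib/kubelet
        - name: etc-kubernetes
          hostPath:
            path: /etc/kubernetes
EOF
  "$KUBECTL" wait --for=condition=complete job/kube-bench --timeout=300s
  "$KUBECTL" logs job/kube-bench
}

# kube-bench prints one line per check prefixed [PASS], [FAIL], [WARN] or
# [INFO]. Count the failures on stdin; grep exits 1 on a zero count, which
# is a valid result here, hence the || true.
count_failures() {
  grep -c '^\[FAIL\]' || true
}

# Gate: return 0 (promote) only when no check failed. The [FAIL] lines go to
# stderr so the pipeline log names the exact CIS items to remediate.
gate_on_kube_bench() {
  report="$1"
  fails="$(printf '%s\n' "$report" | count_failures)"
  if [ "$fails" -gt 0 ]; then
    printf '%s\n' "$report" | grep '^\[FAIL\]' >&2
    echo "kube-bench: $fails failing checks; not promoting" >&2
    return 1
  fi
  echo "kube-bench: no failing checks; promoting"
}

# Usage: ./bench-gate.sh run   (needs a reachable cluster)
if [ "${1:-}" = run ]; then
  gate_on_kube_bench "$(run_kube_bench)"
fi
```

kube-bench reports; it does not remediate. Each [FAIL] line maps to a CIS Kubernetes Benchmark item whose fix belongs in the installer or configuration management layer, so the gate is rerun on the next launch rather than patched by hand on the running cluster. For the control-plane checks the Job must be scheduled onto a control-plane node (nodeSelector plus toleration); the node checks run wherever the pod lands.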

Monitoring and Alerts

00:03:05

Lesson Description:

This lesson covers the importance of configuring and testing the monitoring and alerting tools that will later be used in production. The lesson provides a brief demo of the Heptio Sonobuoy scanning product.

Maintaining a Kubernetes Infrastructure

Patching Live Deployments

00:02:12

Lesson Description:

This lesson demonstrates using the Kubernetes patch capabilities to update container workloads while they are running in a live cluster.
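An added example, not the course's own material, of the patch operations this lesson refers to: a strategic merge patch to swap a container image, a JSON patch to tighten the container's securityContext, and a rollout check that rolls back if the patched pods never become Ready. The namespace, Deployment, container and image names are illustrative assumptions; KUBECTL can be pointed at a stand-in for a dry run.

```shell
#!/bin/sh
# Added example (not from the course): patch a live Deployment in place and
# verify the rollout. Names (payments namespace, api Deployment and
# container) and the image are illustrative assumptions.
set -eu

KUBECTL="${KUBECTL:-kubectl}"

# Strategic merge patch (kubectl's default type): only the fields given
# change. Containers are merged by name, so any other container in the pod
# template is left untouched.
patch_image() {
  ns="$1"; deploy="$2"; container="$3"; image="$4"
  body="$(printf '{"spec":{"template":{"spec":{"containers":[{"name":"%s","image":"%s"}]}}}}' \
    "$container" "$image")"
  "$KUBECTL" -n "$ns" patch deployment "$deploy" --type strategic -p "$body"
}

# JSON patch (RFC 6902): explicit operations on explicit paths. Used here to
# harden the first container's securityContext; "add" on an existing member
# replaces it, so this also overwrites a weaker context already present.
patch_security_context() {
  ns="$1"; deploy="$2"
  "$KUBECTL" -n "$ns" patch deployment "$deploy" --type json -p \
    '[{"op":"add","path":"/spec/template/spec/containers/0/securityContext","value":{"runAsNonRoot":true,"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true}}]'
}

# A patch the API server accepts can still produce pods that never become
# Ready (a bad tag, a process that refuses to run as non-root, a read-only
# root filesystem it needs to write to). Wait for the rollout and roll back
# on failure rather than leaving a half-updated Deployment behind.
rollout_or_undo() {
  ns="$1"; deploy="$2"
  if "$KUBECTL" -n "$ns" rollout status deployment "$deploy" --timeout=120s; then
    return 0
  fi
  echo "rollout of $deploy failed; rolling back" >&2
  "$KUBECTL" -n "$ns" rollout undo deployment "$deploy"
  return 1
}

# Full sequence: image bump, securityContext hardening, verified rollout.
patch_and_verify() {
  ns="$1"; deploy="$2"; container="$3"; image="$4"
  patch_image "$ns" "$deploy" "$container" "$image"
  patch_security_context "$ns" "$deploy"
  rollout_or_undo "$ns" "$deploy"
}

# Usage: ./patch.sh <namespace> <deployment> <container> <image>
if [ "$#" -eq 4 ]; then
  patch_and_verify "$@"
fi
```

`kubectl patch` changes the live object only. If the cluster is fed from the configuration management pipeline covered earlier, the same change must also land in the source manifests; otherwise the next apply from that pipeline silently reverts the hardening.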

Upgrading Kubernetes Components

00:03:14

Lesson Description:

This lesson covers using an installer to upgrade the Kubernetes control plane and worker node components.

Node Recycling

00:02:27

Lesson Description:

This lesson introduces the concept of node recycling. With the kubectl drain command, the administrator cordons a node (marks it unschedulable) and evicts its running pods; the node stays registered with the cluster but no longer carries workloads. This allows for patching of the operating system and other server-level configuration. Once the maintenance is complete, the node is returned to service with the kubectl uncordon command.
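The drain and uncordon cycle this lesson describes, as an added example that is not part of the course: a POSIX shell wrapper that cordons, drains, runs an arbitrary host maintenance command, and only uncordons if that command succeeds. Node names and the maintenance command are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the course): take a worker node out of service for
# host-level maintenance and return it afterwards. Node names and the
# maintenance command are illustrative assumptions. KUBECTL may be
# overridden for a dry run.
set -eu

KUBECTL="${KUBECTL:-kubectl}"

# Mark the node unschedulable. Nothing is evicted yet, and the node stays
# registered with the API server and keeps reporting status. kubectl drain
# cordons implicitly, but cordoning early stops new pods landing before the
# maintenance window opens.
cordon_node() {
  "$KUBECTL" cordon "$1"
}

# Evict the pods. DaemonSet pods are skipped because their controller would
# recreate them on the same node at once; emptyDir data is lost, which the
# flag makes you acknowledge explicitly. The timeout keeps a
# PodDisruptionBudget that can never be satisfied from stalling maintenance
# indefinitely.
drain_node() {
  "$KUBECTL" drain "$1" \
    --ignore-daemonsets \
    --delete-emptydir-data \
    --timeout=600s
}

# Make the node schedulable again. Evicted pods are not moved back; new pods
# land here as workloads scale or reschedule.
uncordon_node() {
  "$KUBECTL" uncordon "$1"
}

# Full cycle: cordon, drain, run the maintenance command, uncordon. If
# maintenance fails the node is deliberately left cordoned, so a half-patched
# host does not receive workloads again until someone has looked at it.
recycle_node() {
  node="$1"; shift
  cordon_node "$node"
  drain_node "$node"
  if "$@"; then
    uncordon_node "$node"
  else
    echo "maintenance failed on $node; node left cordoned" >&2
    return 1
  fi
}

# Usage: ./recycle.sh <node> <maintenance command...>
if [ "$#" -ge 2 ]; then
  recycle_node "$@"
fi
```

Run it as `./recycle.sh worker-1 ssh worker-1 'sudo apt-get -y upgrade'`. Drain honours PodDisruptionBudgets, so on a cluster where a budget can never be met (minAvailable equal to the replica count, or a single-replica workload with a budget) the drain blocks until the timeout; that is a signal to fix the budget or scale the workload, not a reason to reach for --disable-eviction, which deletes the pods directly and bypasses the budget. Recycle one node at a time and check that `kubectl get nodes` shows the others Ready before starting the next, so the evicted pods have somewhere to land.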

Conclusion

Summation and Next Steps

00:01:37

Lesson Description:

This lesson is a quick summary of the course, and lists some third-party resources that students may find useful.