Kubernetes CKS 2021 Complete Course + Simulator

English | MP4 | AVC 1920×1080 | AAC 44KHz 2ch | 11 Hours | 5.49 GB


Full preparation | Theory | Practice | Simulator | Discount code: YES-YES-CKS

Hi there!

All you need for your Certified Kubernetes Security Specialist preparation in one place!

I’m Kim, Kubernetes Trainer and Author, also the creator of the Killer Shell CKS|CKA|CKAD Simulators.

  • I will present every CKS topic to you in a simple, visual and easy way
  • For every topic we’ll also run through various practical hands-on challenges together
  • We’ll set up your own CKS cluster together, for this we provide simple scripts!
  • We also have a GitHub course repository with various examples which we use throughout this course
  • At the end you’ll test your knowledge by attending the Killer Shell CKS simulator for which two free identical sessions are included in this course
  • Join the Killer Shell private Slack community for exam and topic discussion

Simulator

Two Killer Shell CKS Simulator sessions with identical questions are included in this course. The simulator cannot be used indefinitely, so treat the simulator like the real exam, come prepared. Should you fail the real exam you get another session for free.

Please expect this course to take more time than just our recorded hours. For most topics you’ll need some time to implement the scenarios yourself. Also breaks (hours or even days) between sections/topics should be advised to prevent brain implosion.

Are you ready to dive deep into Kubernetes Security?

Is your goal to become Kubernetes Certified Security Specialist (CKS)?

Then this course is for you.

You should already have some Kubernetes Administrator knowledge before attending this course. And if you’d like to attend the real CKS exam you need to hold a valid CKA certification. But we also do some recap of CKA knowledge at the beginning, so no worries if your knowledge is a bit stale.

What you’ll learn

  • Complete CKS preparation
  • CKS Theory Practice and Simulator
  • Kubernetes Security Concepts
  • Think from a hacker’s perspective
  • Deep technical insight into Kubernetes

Table of Contents

Introduction
1 Welcome
2 Best Video Quality
3 Slack Community
4 K8s Security Best Practices

Create your course K8s cluster
5 Cluster Specification
6 Practice – Create GCP Account
7 Practice – Configure gcloud command
8 Practice – Create Kubeadm Cluster in GCP
9 Practice – Firewall rules for NodePorts
10 Notice – Always stop your instances
11 Recap

Foundation – Kubernetes Secure Architecture
12 Intro
13 Practice – Find various K8s certificates
14 Recap

Foundation – Containers under the hood
15 Intro
16 Practice – The PID Namespace
17 Recap

Cluster Setup – Network Policies
18 Cluster Reset
19 Introduction 1
20 Introduction 2
21 Practice – Default Deny
22 Practice – Frontend to Backend traffic
23 Practice – Backend to Database traffic
24 Recap

Cluster Setup – GUI Elements
25 Feedback
26 Introduction
27 Practice – Install Dashboard
28 Practice – Outside Insecure Access
29 Practice – RBAC for the Dashboard
30 Recap

Cluster Setup – Secure Ingress
31 Introduction
32 Practice – Create an Ingress
33 Practice – Secure an Ingress
34 Recap

Cluster Setup – Node Metadata Protection
35 Introduction
36 Practice – Access Node Metadata
37 Practice – Protect Node Metadata via NetworkPolicy
38 Recap

Cluster Setup – CIS Benchmarks
39 Introduction
40 Practice – CIS in Action
41 Practice – kube-bench
42 Recap

Cluster Setup – Verify Platform Binaries
43 Introduction
44 Practice – Download and verify K8s release
45 Practice – Verify apiserver binary running in our cluster
46 Recap

Cluster Hardening – RBAC
47 Intro
48 Practice – Role and RoleBinding
49 Practice – ClusterRole and ClusterRoleBinding
50 Accounts and Users
51 Practice – CertificateSigningRequests
52 Recap

Cluster Hardening – Exercise caution in using ServiceAccounts
53 Intro
54 Practice – Pod uses custom ServiceAccount
55 Practice – Disable ServiceAccount mounting
56 Practice – Limit ServiceAccounts using RBAC
57 Recap

Cluster Hardening – Restrict API Access
58 Introduction
59 Practice – Anonymous Access
60 Practice – Insecure Access
61 Practice – Manual API Request
62 Practice – External Apiserver Access
63 NodeRestriction AdmissionController
64 Practice – Verify NodeRestriction
65 Recap

Cluster Hardening – Upgrade Kubernetes
66 Introduction
67 Practice – Create outdated cluster
68 Practice – Upgrade master node
69 Practice – Upgrade worker node
70 Recap

Microservice Vulnerabilities – Manage Kubernetes Secrets
71 Introduction
72 Practice – Create Simple Secret Scenario
73 Practice – Hack Secrets in Docker
74 Practice – Hack Secrets in ETCD
75 ETCD Encryption
76 Practice – Encrypt ETCD
77 Recap

Microservice Vulnerabilities – Container Runtime Sandboxes
78 Introduction
79 Practice – Container calls Linux Kernel
80 Open Container Initiative OCI
81 Practice – Crictl
82 Sandbox Runtime Katacontainers
83 Sandbox Runtime gVisor
84 Practice – Create and use RuntimeClasses
85 Practice – Install and use gVisor
86 Recap

Microservice Vulnerabilities – OS Level Security Domains
87 Intro and Security Contexts
88 Practice – Set Container User and Group
89 Practice – Force Container Non-Root
90 Privileged Containers
91 Practice – Create Privileged Containers
92 PrivilegeEscalation
93 Practice – Disable PrivilegeEscalation
94 PodSecurityPolicies
95 Practice – Create and enable PodSecurityPolicy
96 Recap

Microservice Vulnerabilities – mTLS
97 Intro
98 Practice – Create sidecar proxy
99 Recap

Open Policy Agent (OPA)
100 Cluster Reset
101 Introduction
102 Practice – Install OPA
103 Practice – Deny All Policy
104 Practice – Enforce Namespace Labels
105 Practice – Enforce Deployment replica count
106 Practice – The Rego Playground and more examples
107 Recap

Supply Chain Security – Image Footprint
108 Introduction
109 Practice – Reduce Image Footprint with Multi-Stage
110 Practice – Secure and harden Images
111 Recap

Supply Chain Security – Static Analysis
112 Introduction
113 Kubesec
114 Practice – Kubesec
115 OPA Conftest
116 Practice – OPA Conftest for K8s YAML
117 Practice – OPA Conftest for Dockerfile
118 Recap

Supply Chain Security – Image Vulnerability Scanning
119 Introduction
120 Clair and Trivy
121 Practice – Use Trivy to scan images
122 Recap

Supply Chain Security – Secure Supply Chain
123 Introduction
124 Practice – Image Digest
125 Practice – Whitelist Registries with OPA
126 ImagePolicyWebhook
127 Practice – ImagePolicyWebhook
128 Recap

Runtime Security – Behavioral Analytics at host and container level
129 Introduction
130 Practice – Strace
131 Practice – Strace and proc on ETCD
132 Practice – proc and env variables
133 Practice – Falco and Installation
134 Practice – Use Falco to find malicious processes
135 Practice – Investigate Falco rules
136 Practice – Change Falco Rule
137 Recap

Runtime Security – Immutability of containers at runtime
138 Introduction
139 Ways to enforce immutability
140 Practice – StartupProbe changes container
141 Practice – SecurityContext renders container immutable
142 Recap

Runtime Security – Auditing
143 Introduction
144 Practice – Enable Audit Logging in Apiserver
145 Practice – Create Secret and check Audit Logs
146 Practice – Create advanced Audit Policy
147 Practice – Investigate API access history
148 Recap

System Hardening – Kernel Hardening Tools
149 Introduction
150 AppArmor
151 Practice – AppArmor for curl
152 Practice – AppArmor for Docker Nginx
153 Practice – AppArmor for Kubernetes Nginx
154 Seccomp
155 Practice – Seccomp for Docker Nginx
156 Practice – Seccomp for Kubernetes Nginx
157 Recap

System Hardening – Reduce Attack Surface
158 Introduction
159 Practice – Systemctl and Services
160 Practice – Install and investigate Services
161 Practice – Disable application listening on port
162 Practice – Investigate Linux Users
163 Recap

CKS Exam Series
164 CKS Exam Series

CKS Simulator
165 Introduction

Rating and feedback
166 Rating and feedback