Master AppArmor, Clair, Quay, Anchore, Swarm, Portainer, Rancher, KubeBench, Prometheus and more for DevOps security
DevSecOps stands for development, security, and operations. It’s an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle. DevOps isn’t just about development and operations teams. If you want to take full advantage of the agility and responsiveness of a DevOps approach, IT security must also play an integrated role in the full life cycle of your apps.
This course is a complete step-by-step guide to implementing best security practices and tools in your DevOps framework. You will start from the very basics by exploring the DevOps architecture and how it relates to DevSecOps. Then you will learn the two main container management platforms: Docker and Kubernetes. You will master container management, working with Dockerfiles, getting and building your own container images and optimizing them.
In the rest of the sections you will master the implementation of an extra security layer on your DevOps tools. First, you will learn how to use the Docker Registry and build a registry of your own. I will show you how to use Docker Content Trust and protect your Docker daemon and host by applying AppArmor and Seccomp security profiles, implementing Docker Bench Security and auditing your Docker host. You will also learn how to protect your Docker images and analyze their vulnerabilities using Clair, Quay, Anchore and the CVE database. You will explore how to create and manage Docker secrets, networks and port mapping. You will be able to use security monitoring tools such as cAdvisor, Dive and Falco, and administration tools such as Portainer, Rancher and OpenShift.
Finally, you will focus on Kubernetes security practices. You will learn how to find, solve and prevent Kubernetes security risks and apply best security practices. I will show you how to use KubeBench and Kubernetes Dashboard to enhance your Kubernetes security, and Prometheus and Grafana to monitor and observe your Kubernetes clusters for vulnerabilities.
Here is the complete course content by sections:
Section 1: You will review DevSecOps challenges, methodologies, and tools to improve the security of applications. The idea of DevSecOps is to implement security early in the DevOps cycle: in the application design, development, and delivery processes.
Section 2: You will review the main container platforms that provide infrastructure for both the development and operations teams, such as Docker and Kubernetes. We will also review alternative tools like Podman.
Section 3: Master how Docker manages images and containers, explore the main commands used for generating images from a Dockerfile, and learn how to optimize Docker images, minimizing their size to reduce the attack surface.
Section 4: Learn security best practices and other aspects such as Docker capabilities, which containers leverage in order to provide more features, as in the privileged container. Learn to create a private registry so that your images are not accessible to the world. You will review Docker Content Trust and Docker Registry, which provide a secure way to upload images to the Docker Hub platform and to other registries like Quay and Harbor.
Section 5: Secure the Docker daemon with AppArmor and Seccomp profiles, which provide kernel-level features to limit system calls. We will also review tools like Docker Bench Security and Lynis, which check security best practices in the Docker environment, and some of the important recommendations to follow when auditing and deploying Docker in a production environment.
Section 6: Here you will learn best practices for building container images securely. We will review open source tools such as Clair and Anchore, which discover vulnerabilities in container images through static analysis of the different layers that compose an image. As a result, developers will be able to detect vulnerabilities in container applications before uploading them to production.
Section 7: You will learn about the main Docker container threats, the main vulnerabilities we can find in Docker images, and some services and tools for getting information about these vulnerabilities. As a result, developers will have the capacity to obtain details about vulnerabilities in container applications.
Section 8: Learn about Docker secrets and the essential components of Docker networking, including how we can communicate with and link Docker containers. We will also review other concepts like port mapping, which Docker uses to expose the TCP ports that provide services from the container to the host, so that users accessing the host can reach a container's services.
Section 9: It is important to define a comprehensive strategy to monitor your Docker infrastructure, with a native collection source for events, statistics, configurations, and records that provides views on the CPU, memory, and network performance of containers.
Section 10: Learn some of the open source tools available for Docker container administration, such as Portainer, Rancher, and OpenShift.
Section 11: Review the Kubernetes architecture, components, objects, and networking model. We will also review different tools for working with Kubernetes, explaining Minikube as the main tool for deploying a cluster.
Section 12: Learn Kubernetes security and best practices for securing components and pods by applying the principle of least privilege in Kubernetes.
Section 13: Learn Kubernetes security with the KubeBench (Kubernetes Bench for Security) project, which executes the controls documented in the CIS Kubernetes Benchmark guide. We will also review the main security projects for analyzing the security of Kubernetes components, and the most critical vulnerabilities discovered in Kubernetes in the last few years.
Section 14: Review production capabilities when running Kubernetes. We will first analyze observability and monitoring in the context of Kubernetes, and then we will review Kubernetes Dashboard for getting metrics from your cluster. You will look at the Kubernetes stack for observability and monitoring with Prometheus and Grafana.
What you’ll learn
- Apply security to the main container platforms: Docker and Kubernetes
- Learn best Docker security practices
- Create your own private image registry so that images are not accessible to the world
- Review Docker Content Trust and Docker Registry
- Upload images to Docker Hub, Quay and Harbor
- Implement Docker daemon security
- Implement AppArmor and Seccomp security profiles to provide Linux kernel enhancement features
- Implement Docker Bench Security
- Discover Docker vulnerabilities using Clair and Anchore
- Learn static security analysis tools
- Explore the main Docker container threats
- Learn how to create Docker secrets
- Link Docker containers
- Docker networking security
- Manage CPU and memory performance of your containers
- Administrate your Docker containers with Portainer and Rancher
- Launch Kubernetes using Minikube
- Apply least privilege principle to protect Kubernetes clusters
- Use CIS Kubernetes Benchmark guide
- Analyze security and vulnerabilities in Kubernetes pods, clusters and nodes
- Monitor Kubernetes in production using Prometheus and Grafana
Table of Contents
Introducing DevOps in IT Delivery
Creating a Basic Architecture
Intro to DevSecOps Ecosystem
Applying DevSecOps to AWS, Azure and Google Cloud
Deployment and Industry Security Frameworks
Working with Docker
Podman and Container Management
Managing Containers and Docker Images
Managing Docker Images
Managing Docker containers
Optimizing Docker Images
Docker Security Principles
Docker Content Trust
Docker Host Security
AppArmor and Seccomp Profiles
Docker Bench Security
Docker Images Security
Docker Hub Repository and Security Scanning
Scanning Docker Images with Clair and Quay
Analyzing Docker Images with Anchore
Auditing and Analyzing Vulnerabilities in Docker Containers
Docker Threats and Attacks
CVE in Docker Images
Managing Docker Secrets and Networks
Managing Secrets in Docker
Container Networking and Management in Docker
Containers Communication and Port Mapping
Creating and Managing Docker Networks
Docker Container Monitoring
Container Metrics and Events
Docker Container Administration
Administration with Portainer
Administration with Rancher
Tools for Deploying Kubernetes
Introduction to Kubernetes Security
Kubernetes Security Best Practices
Analyzing Kubernetes Components Security
Auditing and Analyzing Vulnerabilities in Kubernetes
Kubernetes Security Projects and Kubesec
Analyzing Kubernetes Vulnerabilities with CVEs
Kubernetes Dashboard and Cluster
Enhancing Observability with Prometheus
Collecting and Exploring Metrics with Grafana