Container & Kubernetes Security

Training & Course

Intensive Introduction to Security Aspects of Kubernetes and Container Environments, including Best Practices and Overview of Potential Threats.

In this course, participants will learn the fundamentals of security in Kubernetes and Container environments, and how to protect their applications and infrastructures from potential threats.

Course for your team.

We are happy to conduct tailored courses for your team - on-site, remotely or in our course rooms.

Request In-House Course

Caleb Woodbine

Content:


The course guides participants through the following topics. Depending on the questions and interests of the participants, focus areas will be emphasized and ad-hoc topics added:


– Introduction to Container and Kubernetes Security:

    - Security challenges and strategies

    - Overview of security architecture and tools

– Container Image Security:

    - Secure Base Images and Image Scanning

    - Integrity and Trustworthiness of Images

    - Minimization of Image Size and Attack Surface

    - Hardening Container Images

– Network Security in Kubernetes:

    - Isolation of Namespaces and Network Resources

    - Network Policies and Ingress/Egress Rules

    - Brief Overview of Service Mesh and mTLS (with Cilium)

    - Security Considerations for Ingress

    - Introduction to Gateway API

– Kubernetes API and Authentication:

    - RBAC (Role-Based Access Control)

    - API Security and Auditing

    - Secrets Management and Encryption

– Pod Security and Resource Limitations:

    - Pod Security Admission Controller

    - Container Runtime Security

    - Resource Quotas and LimitRanges

    - Security Mechanisms with gVisor

– Monitoring and Logging for Security Incidents:

    - Overview of Tools and Techniques

    - Monitoring with Falco

– Automation of Security Checks in CI/CD Pipelines:

    - Integrating Security Checks into Development Cycle

    - Using Tools like Trivy and kube-bench

    - Signing and Verifying Container Images with Sigstore Cosign

– Policy Enforcement:

    - Using Gatekeeper/OPA and Kyverno for Policy Enforcement

– Mini "Capture The Flag" Example:

    - Hands-on exercises to reinforce security knowledge


You will not only get to know these concepts, but also implement them in practice.


Disclaimer: The actual course content may vary from the above, depending on the trainer, implementation, duration and constellation of participants.


Whether we call it training, course, workshop or seminar, we want to pick up participants at their point and equip them with the necessary practical knowledge so that they can apply the technology directly after the training and deepen it independently.

Goal:

After the course, participants will be able to apply Best Practices for securing their applications and infrastructures in Kubernetes and Container environments.


Form:

The course is well structured and consists of theoretical explanations and practical exercises. You will be accompanied by an experienced trainer who can answer questions related to Kubernetes & Container Security.


Target Audience:

The course is aimed at Software, DevOps, and System Engineers or Architects who already have basic knowledge in orchestrating containers with Kubernetes.


Requirements:

Basic understanding of Kubernetes and Container Orchestration.

Familiarity with kubectl (apply, get, describe, delete, logs, exec).

Basic knowledge of Linux and the command line.


Preparation:

Every participant will receive a questionnaire and a preparation checklist after registration. We provide a comprehensive laboratory environment for each participant, so that all participants can directly implement their own experiments and even complex scenarios.

Request In-House Course:

In-House Kurs Anfragen

Topic: Container & Kubernetes Security


Share by: