Certified Kubernetes Security Specialist (CKS) Crash Course
Perform Cluster Version Upgrade Using Kubeadm
Introduction
Perform a Version Upgrade on Control Plane
Perform a Version Upgrade on Worker Nodes
Cluster Security
Introduction
What is the CIS Benchmark?
Overview of CIS Benchmark
What is kube-bench?
Install kube-bench
Check CIS Benchmark using kube-bench
kube-bench Output Explained
🎯 Scenario 01: Check & Fix Anonymous Auth with kube-bench
🎯 Scenario 02: Check Kubelet Service File Permission
🎯 Scenario 03: Fix etcd Authorization Issue
Enforcing Image Security using Image Policy Webhook
Introduction
Image Policy Webhook
Webhook Server
Webhook Server Creation
Deploying Image Policy Webhook Server
Kubernetes API Server Configuration
🎯 Scenario 01: Deny Images from Non-Authorized Registry
🎯 Scenario 02: Troubleshoot Image Policy Webhook Configuration
Runtime Security
Introduction
What is Falco?
How Falco Works
Install Falco
Role of Falco in Kubernetes
Falco Rules
Rule File Structure
Create and Test a Custom Falco Rule
🎯 Scenario 01: Delete the Pod That Triggered a Falco Alert
🎯 Scenario 02: Identify and Remove the Container That Triggered a Falco Alert
Security Context
Introduction
What is SecurityContext?
Why Should We Use SecurityContext?
How Kubernetes Handles User IDs from Container Images
How SecurityContext Works at Pod and Container Level
Important SecurityContext Option to Understand
🎯 Scenario 01: Secure a Pod
🎯 Scenario 02: Pod and Container Level Security Context
Static Analysis
Introduction
What Is Static Analysis?
What Are the Things You Should Look For?
🎯 Scenario 01: Static Analysis for Dockerfiles
🎯 Scenario 02: Static Analysis for a Kubernetes Manifest File
Audit Logs
Introduction
Kubernetes Audit Logging Workflow
Configuring Audit Logs
🎯 Scenario 01: Pod Creation Logging
🎯 Scenario 02: Audit Policy with Multiple Logging Levels
🎯 Scenario 03: Update Existing Audit Policy
Advanced Traffic Management using Cilium Network Policy
Introduction
Cilium Setup on Kubernetes
Basic Structure of the Cilium Network Policy
Layer 4 Network Policy
Entities
Mutual Authentication
🎯 Scenario 01: Create a Cilium Layer 4 Network Policy
🎯 Scenario 02: Allow Application Pod to Access Node Monitoring Agent
🎯 Scenario 03: Enforce mTLS with Cilium Network Policy
Minimize Microservice Vulnerabilities Using Pod Security Standards
Introduction
Enforcing Pod Security Standards
Pod Security Admission
🎯 Scenario 01: Implementing Pod Security Admission in Cluster
🎯 Scenario 02: Pending Deployment Due to Pod Security
Docker Daemon
Introduction
Docker Daemon Permission Management
Docker Daemon Remote Access
🎯 Scenario 01: Removing Unused Permissions from the Docker Group
🎯 Scenario 02: Docker Daemon Insecure Remote Access
Supply Chain Security
Introduction
What is SBOM?
What is bom?
Installation
Generate SBOM from a Container Image
🎯 Scenario 01: Generate SBOM in JSON Format
🎯 Scenario 02: Scale Down Deployment Based on SBOM Report
Secrets
Introduction
Working With Secrets
Injecting Secrets into Pods
Secret Imperative Commands
🎯 Scenario 01: Create a Secret
🎯 Scenario 02: Configure a Secret Into a Pod
🎯 Scenario 03: Configuring Nginx with TLS Secret in Kubernetes
Bonus: Managing Secrets in Real World Setup
Quiz Time
Base64 encoding
Secret Types
Ingress
Introduction
Ingress
Bonus: Ingress Controller: Internal Workflow
Ingress FAQs
Setup Ingress Controller
Create Ingress Objects
Ingress Demo Application Architecture
Deploy Demo Application
Ingress Object
Multiple Ingress Controllers
Ingress TLS
Create Ingress TLS
🎯 Scenario 01: Expose Web Application Via Ingress
🎯 Scenario 02: Troubleshoot Application Ingress
🎯 Scenario 03: Implement Path Based Routing
🎯 Scenario 04: Implement TLS For Ingress
Quiz Time
Real World Example
Network Policy
Introduction
Kubernetes Network Policy
Network Policy Object
Deploy Demo Application
Implement Network Policies for Secure Communication Between Services
Deny all Ingress and Egress Traffic
🎯 Scenario 01: Secure Namespace Communication with Network Policies
🎯 Scenario 02: Implement Secure Egress with IP CIDR-Based Restrictions
🎯 Scenario 03: Secure Database Access with NetworkPolicy
Default Deny Network Policies
Common Pitfalls and Key Concepts
Quiz Time
Minimize Service Account Permissions
Introduction
The Default Service Account
Creating Service Account
Service Account Hardening
Disable Service Account Tokens at Pod/Deployment Level
Projected Volumes to Mount Service Account Tokens
🎯 Scenario: Use External Service Account
🎯 Scenario: Disabling Service Account Tokens on Existing SA
🎯 Scenario: Disabling Service Account Token on a Deployment
🎯 Scenario: Using Projected Volume for the Service Account Token Mounting
Quiz Time
How SecurityContext Works at Pod and Container Level