LFS460
Kubernetes Security Fundamentals
This course provides the skills and knowledge to maintain security in dynamic, multi-project environments and address security concerns for cloud production environments. Through hands-on labs, you will learn a range of security best practices for container-based applications and Kubernetes platforms. The course covers the entire security lifecycle, from supply chain security before cluster configuration to ongoing monitoring and logging of security events. It is designed to prepare you for the Certified Kubernetes Security Specialist (CKS) certification exam.
What you will learn
- Learn to maintain security in dynamic, multi-project environments
- Address security concerns for cloud production environments
- Use hands-on labs to learn security best practices for container-based applications and Kubernetes platforms
- Gain key knowledge and skills related to the Certified Kubernetes Security Specialist (CKS) certification exam
Prerequisites
- A good understanding of Linux
- Familiarity with the command line
- Familiarity with package managers
- Familiarity with Git and GitHub
- Proficiency working with Kubernetes (the equivalent of being CKA-certified)
Target audience
- Anyone holding a CKA certification, Anyone interested in or responsible for cloud security
Training Program
10 modules to master the fundamentals
Topics covered
- →The Linux Foundation Certifications
- →The Linux Foundation Digital Badges
- →Laboratory Exercises, Solutions and Resources
- →Things Change in Linux and Open Source Projects
- →E-Learning Course: LFS260
- →Platform Details
Topics covered
- →Multiple Projects
- →What is Security?
- →Assessment
- →Prevention
- →Detection
- →Reaction
- →Classes of Attackers
- →Types of Attacks
- →Attack Surfaces
- →Hardware and Firmware Considerations
- →Security Agencies
- →Manage External Access
- →Labs
Topics covered
- →Image Supply Chain
- →Runtime Sandbox
- →Verify Platform Binaries
- →Minimize Access to GUI
- →Policy Based Control
- →Labs
Topics covered
- →Update Kubernetes
- →Tools to Harden the Kernel
- →Kernel Hardening Examples
- →Mitigating Kernel Vulnerabilities
- →Labs
Topics covered
- →Restrict Access to API
- →Enable Kube-apiserver Auditing
- →Configuring RBAC
- →Pod Security Admission
- →Minimize IAM Roles
- →Protecting etcd
- →CIS Benchmark
- →Using Service Accounts
- →Labs
Topics covered
- →Firewalling Basics
- →Network Plugins
- →Mitigate Brute Force Login Attempts
- →Ingress Objects
- →Pod to Pod Encryption
- →Restrict Cluster Level Access
- →Labs
Topics covered
- →Minimize Base Image
- →Static Analysis of Workloads
- →Runtime Analysis of Workloads
- →Overview of SBOM
- →Container Immutability
- →Mandatory Access Control
- →SELinux
- →AppArmor
- →Generate AppArmor Profiles
- →Labs
Topics covered
- →Understanding Phases of Attack
- →Preparation
- →Understanding an Attack Progression
- →During an Incident
- →Handling Incident Aftermath
- →Intrusion Detection Systems
- →Threat Detection
- →Behavioral Analytics
- →Labs
Topics covered
- →Preparing for the Exam
- →Labs
Topics covered
- →Evaluation Survey
Quality Process
SFEIR Institute's commitment: an excellence approach to ensure the quality and success of all our training programs. Learn more about our quality approach
Teaching Methods Used
- Lectures / Theoretical Slides — Presentation of concepts using visual aids (PowerPoint, PDF).
- Technical Demonstration (Demos) — The instructor performs a task or procedure while students observe.
- Guided Labs — Guided practical exercises on software, hardware, or technical environments.
Evaluation and Monitoring System
The achievement of training objectives is evaluated at multiple levels to ensure quality:
- Continuous Knowledge Assessment : Verification of knowledge throughout the training via participatory methods (quizzes, practical exercises, case studies) under instructor supervision.
- Progress Measurement : Comparative self-assessment system including an initial diagnostic to determine the starting level, followed by a final evaluation to validate skills development.
- Quality Evaluation : End-of-session satisfaction questionnaire to measure the relevance and effectiveness of the training as perceived by participants.
Train multiple employees
- Volume discounts (multiple seats)
- Private or custom session
- On-site or remote