Course catalog: Kubernetes Security Training
        Course outline:

        Introduction

        Overview of the Kubernetes API and Security Features

        Access to HTTPS endpoints, Kubernetes API, nodes, and containers
        Kubernetes Authentication and Authorization features

        How Hackers Attack Your Cluster

        How hackers find your etcd port, Kubernetes API, and other services
        How hackers execute code inside your container
        How hackers escalate their privileges
        Case study: How Tesla exposed its Kubernetes cluster

        Setting up Kubernetes

        Choosing a distribution
        Installing Kubernetes

        Using Credentials and Secrets

        The credentials life cycle
        Understanding secrets
        Distributing credentials

        Controlling Access to the Kubernetes API

        Encrypting API traffic with TLS
        Implementing authentication for API servers
        Implementing authorization for different roles

        Controlling User and Workload Capabilities

        Understanding Kubernetes policies
        Limiting resource usage
        Limiting container privileges
        Limiting network access
        Controlling access to nodes

        Separating workload access

        Protecting Cluster Components

        Restricting access to etcd
        Disabling features
        Changing, removing and revoking credentials and tokens

        Securing Container Image

        Managing Docker and Kubernetes images
        Building secure images

        Controlling Access to Cloud Resources

        Understanding cloud platform metadata
        Limiting permissions to cloud resources

        Evaluating Third Party Integrations

        Minimizing the permissions granted to third party software
        Evaluating components that can create pods

        Establishing a Security Policy

        Reviewing the existing security profile
        Creating a security model
        Cloud native security considerations
        Other best practices

        Encrypting Inactive Data

        Encrypting backups
        Encrypting the entire disk
        Encrypting secret resources in etcd

        Monitoring Activity

        Enabling audit logging
        Auditing and governing the software supply chain
        Subscribing to security alerts and updates

        Summary and Conclusion