Certifed Kubernetes Security Specialist

Understanding and Practice of the Kubernetes Orchestration platfrom administration and
application deployment on kubernetes is the main objective of this program.

Kubernetes is a portable, extensible, open source platform for managing containerized
workloads and services, that facilitates both declarative configuration and automation.
It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are
widely available.

• Course Hours : Total course hours is 40 for Certified Kubernetes Security Specialist Program.
• Class : Total number of class is 15+ for Certified Kubernetes Administrator Program.
• Lab Simulation : Total number of lab is 30 for Certified Kubernetes Administrator Program.

 

Introduction to Kubernetes

 

Kubernetes is a portable, extensible, open source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation.It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.

The name Kubernetes originates from Greek, meaning helmsman or pilot. K8s as an abbreviation results from counting the eight letters between the “K” and the “s”.
Google open-sourced the Kubernetes project in 2014. Kubernetes combines over 15 years of Google’s experience running production workloads at scale with best-of breed ideas and practices from the community.

 

CKS CNCF Curriculum

 

10% – Cluster Setup

 

• Use Network Security Policies to Restrict Cluster Level Access.
• Use CIS Benchmark to Review the Security Configuration of Kubernetes Components (etcd, kubelet, kubedns, kubeapi).
• Properly set up Ingress Objects with Security Control.
• Protect Node Metadata and Endpoints. Minimize use of, and Access to, GUI Elements.
• Verify Platform Binaries Before Deploying.

 

15% – Cluster Hardening

 

• Restrict Access to Kubernetes API.
• Use Role Based Access Controls to Minimize Exposure.
• Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones. 
• Update Kubernetes Frequently.

 

15% – System Hardening

 

• Minimize host OS footprint (reduce attack surface).
• Minimize IAM roles.
• Minimize external access to the network.
• Appropriately use kernel hardening tools such as AppArmor, seccomp.

 

20% – Minimize Microservice Vulnerabilities

 

• Setup appropriate OS level security domains.
• Manage kubernetes secrets.
• Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers).
• Implement pod to pod encryption by use of mTLS.

 

20% – Supply Chain Security

 

• Minimize base image footprint.
• Secure your supply chain: whitelist allowed image registries, sign and validate images.
• Use static analysis of user workloads (e.g. kubernetes resources, docker files).
• Scan images for known vulnerabilities.

 

20% – Monitoring, Logging and Runtime Security

 

• Perform behavioral analytics of syscall process and file activities at the host and container level to detect malicious activities.
• Detect threats within physical infrastructure, apps, networks, data, users and workloads.
• Detect all phases of attack regardless where it occurs and how it spreads.
• Perform deep analytical investigation and identification of bad actors within environment.
• Ensure immutability of containers at runtime. Use Audit Logs to monitor access.

 

CKS Pre-requisite

 

What is the Certified Kubernetes Administrator (CKA) Certification? The Certified
KubernetesAdministrator (CKA) certification is designed to ensure that certification
holders have the skills, knowledge, and competency to perform the responsibilities
of Kubernetes Administrators.

 

Why You Should Learn Kubernetes

 

• Kubernetes Automates Containerized Environments.
• Scaling Up and Down.
• Strong Open Source Communities.
• Cost Efficiencies and Savings.
• Ability to Run Anywhere.
• Multi-Cloud Possibilities.
• Improve Developer Productivity.
• Native Tooling Available.