課程大綱: Kubernetes Security培訓
Introduction
Overview of the Kubernetes API and Security Features
Access to HTTPS endpoints, Kubernetes API, nodes, and containers
Kubernetes Authentication and Authorization features
How Hackers Attack Your Cluster
How hackers find your etcd port, Kubernetes API, and other services
How hackers execute code inside your container
How hackers escalate their privileges
Case study: How Tesla exposed its Kubernetes cluster
Setting up Kubernetes
Choosing a distribution
Installing Kubernetes
Using Credentials and Secrets
The credentials life cycle
Understanding secrets
Distributing credentials
Controlling Access to the Kubernetes API
Encrypting API traffic with TLS
Implementing authentication for API servers
Implementing authorization for different roles
Controlling User and Workload Capabilities
Understanding Kubernetes policies
Limiting resource usage
Limiting container privileges
Limiting network access
Controlling access to nodes
Separating workload access
Protecting Cluster Components
Restricting access to etcd
Disabling features
Changing, removing and revoking credentials and tokens
Securing Container Image
Managing Docker and Kubernetes images
Building secure images
Controlling Access to Cloud Resources
Understanding cloud platform metadata
Limiting permissions to cloud resources
Evaluating Third Party Integrations
Minimizing the permissions granted to third party software
Evaluating components that can create pods
Establishing a Security Policy
Reviewing the existing security profile
Creating a security model
Cloud native security considerations
Other best practices
Encrypting Inactive Data
Encrypting backups
Encrypting the entire disk
Encrypting secret resources in etcd
Monitoring Activity
Enabling audit logging
Auditing and governing the software supply chain
Subscribing to security alerts and updates
Summary and Conclusion
加入高級會員獲得助教答疑
