Kubernetes CKS Full Course Theory + Practice + Browser Scenarios

Certified Kubernetes Security Specialist (CKS) preparation! This course does not include the 2024 changes; the missing topics are Cilium, PodSecurityStandards and SBOM. These are, however, included on https://killer.sh/cks and https://killercoda.com/killer-shell-cks.

I will present each CKS topic in a simple and visual way. We'll run through various practical hands-on challenges. You'll set up your own CKS cluster to learn in; simple install scripts are provided. Instead of creating your own cluster, you can also use the in-browser playground for almost everything: https://killercoda.com/killer-shell-cks/scenario/playground. There are additional in-browser interactive scenarios to further study and harden your knowledge!

Killercoda Scenarios: https://github.com/killer-sh/cks-course-environment/blob/master/Scenarios.md
Section Resources: https://github.com/killer-sh/cks-course-environment/blob/master/Resources.md
Github: https://github.com/killer-sh/cks-course-environment
Slack Community: https://killer.sh/slack (channel cks)

Chapters:
00:00:00 Introduction and Welcome
00:02:50 K8s Security Best Practices
00:13:07 Create your course K8s cluster
00:35:49 Crictl instead of Docker
00:38:02 Foundation - Kubernetes Secure Architecture
00:57:27 Foundation - Containers under the hood
01:18:12 Cluster Reset
01:18:53 Cluster Setup - Network Policies
01:46:54 Cluster Setup - GUI Elements
02:02:06 K8s Docs Version
02:02:48 Cluster Setup - Secure Ingress
02:23:54 Cluster Setup - Node Metadata Protection
02:34:13 Cluster Setup - CIS Benchmarks
02:47:47 Cluster Setup - Verify Platform Binaries
02:58:23 Cluster Hardening - RBAC
03:31:26 Cluster Hardening - Exercise caution in using ServiceAccounts
03:49:06 Cluster Hardening - Restrict API Access
04:17:25 Cluster Hardening - Upgrade Kubernetes
04:38:59 Microservice Vulnerabilities - Manage Kubernetes Secrets
05:26:44 Microservice Vulnerabilities - Container Runtime Sandboxes
05:55:19 Microservice Vulnerabilities - OS Level Security Domains
06:12:01 Microservice Vulnerabilities - mTLS
06:27:12 Cluster Reset
06:27:54 Open Policy Agent (OPA)
07:07:33 Supply Chain Security - Image Footprint
07:29:37 Supply Chain Security - Static Analysis
07:52:39 Supply Chain Security - Image Vulnerability Scanning
08:06:26 Supply Chain Security - Secure Supply Chain
08:32:01 Runtime Security - Behavioral Analytics at host and container level
09:16:36 Runtime Security - Immutability of containers at runtime
09:34:24 Runtime Security - Auditing
10:06:46 System Hardening - Kernel Hardening Tools
10:45:41 System Hardening - Reduce Attack Surface
11:05:20 CKS Simulator

Please expect this course to take more time than just the recorded hours. For most topics you'll need some time to implement the scenarios yourself. Breaks (hours or even days) between sections/topics are also advised to prevent brain implosion :)

You should already have some Kubernetes Administrator knowledge before attending this course. If you would like to attend the real CKS exam, you need to hold a valid CKA certification. But I also do some recap of CKA knowledge at the beginning, so no worries if your knowledge is a bit stale.

Would you like to support this course? Consider subscribing to the Killercoda PLUS membership, even if just for a month! https://killercoda.com/pricing

Happy learning,
Team Killer Shell

#kubernetes #k8s #cks #security #devops #devsecops #container #docker #linux