Welcome to lab 7 in the Kasten Kubernetes learning series, the first lab in learning module 3: Understanding Kubernetes Security.
This lab is for those who want to understand how to secure cloud native applications on a Kubernetes cluster. Complete the lab to learn about the different security approaches in Kubernetes.
The lab consists of two sections. The first covers Kubernetes Security theory. The second provides hands-on keyboard command line experience. Each section is approximately 30 minutes long; however, your time may vary depending on how quickly you pass either section. There are a total of 9 challenges to complete during this lab.
Important: On multiple-choice questions, note that more than one answer may be correct. The lab is timed, so it’s best to complete it in one sitting.
This section will cover background topics and terminology for Kubernetes security. Each topic will review material on-screen, then pose a challenge question. You must answer the question correctly to proceed to the next section. The theory section includes the following topics:
This overview defines a model for thinking about Kubernetes security in the context of Cloud Native security.
You can think about security in layers. The 4C's of Cloud Native security are Cloud, Clusters, Containers, and Code.
Each layer of the Cloud Native security model builds upon the next outermost layer.
The Code layer, for example, benefits from strong security in the three base layers (Cloud, Cluster, Container). Poor security standards and practices in the base layers cannot be addressed retroactively at the Code level.
In many ways, the Cloud (or co-located servers, or the corporate datacenter) is the trusted computing base of a Kubernetes cluster. If the Cloud layer is vulnerable (or configured in a vulnerable way) then there is no guarantee that the components built on top of this base are secure.
Each cloud provider makes security recommendations for running workloads securely in their environment.
When securing Kubernetes, one should focus on two particular areas:
Here are general recommendations to explore this topic:
Application code is one of the primary attack surfaces you have the most control over. While securing application code is outside of the Kubernetes security topic, here are recommendations to protect application code:
In this section, you will run hands-on commands that support CIS benchmarks and see how those benchmarks impact network isolation and image security. Each part of the hands-on exercise provides the most important commands you need to understand to build a solid Kubernetes security profile for applications.
Yes. Be sure to finish reading and studying this blog post, the video showing the work to be performed during the lab, and the accompanying slides.
Go to Learning.Kasten.io to start the lab.
All the best. Enjoy!
Follow this link to explore these learning materials!