Kubernetes Security Fundamentals (LFS460)


Seminar - Ziel

This instructor-led course provides skills and knowledge across a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment, and runtime.

This course exposes you to knowledge and skills needed to maintain security in dynamic, multi-project environments. This course addresses security concerns for cloud production environments and covers topics related to the security container supply chain, discussing topics from before a cluster has been configured through deployment, and ongoing, as well as agile use, including where to find ongoing security and vulnerability information. The course includes hands-on labs to build and secure a Kubernetes cluster, as well as monitor and log security events.

Teilnehmer - Zielgruppe

This course is ideal for anyone holding a CKA certification and interested in or responsible for cloud security.

Kurs - Voraussetzungen


  • 4 Tage
  • 09:00 Uhr bis 17:00 Uhr


  • nach Absprache

Seminar-Inhalt / Agenda


- Linux Foundation
- Linux Foundation Training
- Linux Foundation Certifications
- Linux Foundation Digital Badges
- Laboratory Exercises, Solutions and Resources
- E-Learning Course: LFS260
- Distribution Details
- Labs

Cloud Security Overview

- Multiple Projects
- What is Security?
- Assessment
- Prevention
- Detection
- Reaction
- Classes of Attackers
- Types of Attacks
- Attack Surfaces
- Hardware and Firmware Considerations
- Security Agencies
- Manage External Access
- Labs

Preparing to Install

- Image Supply Chain
- Runtime Sandbox
- Verify Platform Binaries
- Minimize Access to GUI
- Policy Based Control
- Labs

Installing the Cluster

- Update Kubernetes
- Tools to Harden the Kernel
- Kernel Hardening Examples
- Mitigating Kernel Vulnerabilities
- Labs

Securing the kube-apiserver

- Restrict Access to API
- Enable Kube-apiserver Auditing
- Configuring RBAC
- Pod Security Policies
- Minimize IAM Roles
- Protecting etcd
- CIS Benchmark
- Using Service Accounts
- Labs


- Firewalling Basics
- Network Plugins
- iptables
- Mitigate Brute Force Login Attempts
- Netfilter rule management
- Netfilter Implementation
- nft Concepts
- Ingress Objects
- Pod to Pod Encryption
- Restrict Cluster Level Access
- Labs

Workload Considerations

- Minimize Base Image
- Static Analysis of Workloads
- Runtime Analysis of Workloads
- Container Immutability
- Mandatory Access Control
- SELinux
- AppArmor
- Generate AppArmor Profiles
- Labs

Issue Detection

- Understanding Phases of Attack
- Preparation
- Understanding an Attack Progression
- During an Incident
- Handling Incident Aftermath
- Intrusion Detection Systems
- Threat Detection
- Behavioral Analytics
- Labs

Weitere Schulungen zu Thema Linux Foundation

Kubernetes for App Developers (LFD459)

- u.a. in Nürnberg, Berlin, Stuttgart, München, Köln

This course will teach you how to containerize, host, deploy, and configure an application in a multi-node cluster. It also serves as preparation for the Certified Kubernetes Application Developer (CKAD) exam. Starting with a simple Python script, this course will show you how ...

ONAP Essentials (LFS463)

- u.a. in Nürnberg, Berlin, Stuttgart, München, Köln

This course aims to provide you the conceptual and hands-on skills around ONAP, focusing -on: -The basics of Network Function Virtualization (NFV) -An introduction to The Linux Foundation ONAP project -Overview of the ONAP project’s architecture, subprojects and demos In ...

Developing Linux Device Drivers (LFD430)

- u.a. in Berlin, Hannover, Hamburg, Zürich, Virtual Classroom

This instructor-led Linux device driver course will teach you about the different types of Linux device drivers as well as the appropriate APIs and methods through which devices interface with the kernel. This course will cover the different kinds of device drivers used in ...

Fundamentals of Linux (LFS300)

- u.a. in Bremen, Hamburg, Köln, Nürnberg, Koblenz

In this course you will learn about the history of Linux, how to install Linux, how to use the Graphical User Interface, how to control Linux using the command line, basic Linux security, and much more.