
Learn Kubernetes security in detail through practical, hands-on topics and regularly updated resources, including 350+ downloadable PPT slides, a GitHub repository of commands, and a Discord community for support.
Learn the end-to-end workflow for issuing signed certificates in Kubernetes, from generating a private key and CSR to signing with the certificate authority and deploying TLS or client authentication certificates.
Configure the api server, generate certificates for etcd and the service account, download Kubernetes binaries, and start the api server with essential flags, then verify with netstat and curl.
Explore how Kubernetes ingress uses host-based routing rules to direct traffic to services via an ingress controller, replacing many load balancers with a single gateway.
Learn how Kubernetes network policies control pod traffic with ingress and egress using pod, namespace, and ip block selectors, enforcing app to database connections.
Explore the kubeadm file structure, including the ATC Kubernetes directory with PKI certificates and kube config files, and learn how static pods and kubelet configure the control plane.
Create a service account and generate a token with a longer duration for RBAC testing, set it as an environment variable, and use curl to validate role binding with kubectl.
Explore how service accounts authenticate pods to the Kubernetes cluster using tokens. Learn how a pod receives a token to perform actions with defined permissions.
Configure a kubeadm based control plane and worker on two virtual machines, run automated scripts to initialize and join, then apply the upgrade plan from 1.31 to 1.32.
Discover how projected volumes consolidate secrets and config maps into a single pod mount. See a secret and a config map mounted together via an all-in-one volume.
learn to set capabilities for containers in a pod by using the security context to add or drop capabilities, compare default capabilities, and verify changes.
Apply pod security standard and pod security admission with an explicit mode version. Explore how default namespace labels, dry run, and exemptions affect deployments and pods.
Implement the image policy webhook admission controller in Kubernetes using an external image validator, a Python Flask service, and configuration files to enforce allowed and denied images.
Explore how Cilium uses eBPF to cut overhead and boost performance. It offers layer 3–7 network policies, observability with Hubble, and transparent encryption with IPsec and WireGuard.
Learn how to enforce a read only root file system in containers via security context, and use an emptyDir mounted to /tmp to support temporary writes when needed.
Master practical mutual TLS with Istio, acting as CA, managing sidecar injection, deploying pods, applying peer authentication, and validating certificate exchange with istioctl.
Explore integrating AppArmor with Kubernetes by applying AppArmor profiles in a pod's security context, including localhost and other types, with a deny-right example.
Trivy is an open source, simple vulnerability scanner for containers that analyzes container images for known vulnerabilities, supports installation across many OS and Docker, and surfaces severities and CVE IDs.
Demonstrates using kube bench to scan Kubernetes clusters against the benchmark, identify failing checks on master and worker nodes, and apply remediation steps for secure configuration.
Configure the docker daemon with /etc/docker/daemon.json to run in the background using required flags. The video shows the command line interface vs daemon.json and DNS in container resolv.conf (8.8.4.4).
Explore how Falco loads rule files from Falco.yaml and default Falco_rules.yaml, uses Falco_rules.local.yaml for custom rules, and triggers host and container alerts, like sensitive file opened by root.
Learn to write custom Falco rules and macros for Kubernetes pods, detect curl executions inside containers, and produce outputs with container ID and container name for precise alerts.
Explore the falco.yaml configuration file and how it defines Falco's global settings, including syslog output. Learn to use config.d and rules.d for extra configs and troubleshooting.
Explain how Kubernetes audit logging captures security-relevant events. Define the four audit policy levels—none, metadata, requests, and request response—and how to apply rules.
This course is specifically designed for the aspirants who intend to give the "Certified Kubernetes Security Specialist" certification as well as for individuals who intend to gain a strong foundation in Kubernetes Security.
One of the pre-requisites for the course is the candidate's prior understanding on the topics discussed in the CKA certification.
We begin the journey with setting up a Hardened Kubernetes cluster from absolute scratch and then the deep dive journey into various K8s + Security begins.
This course also has an exam preparation section with a series of practice tests to verify the candidate's understanding of the topics discussed and verify if the candidate is ready to give the official certification exams.
Keeping the standards high similar to other best-seller courses of Zeal, this course has a perfect balance, and every topic is explained in a simplified way with practical scenarios.
With tons of practicals, easy-to-understand videos, and a dedicated exam preparation section, this course is all you need to gain a deeper understanding of Kubernetes and ace the official Certified Kubernetes Security Specialist" certification.
With this exciting set of learnings and practicals, I look forward to seeing you in this course and be part of your journey into Kubernetes and getting CKS certified.