
Install Docker on Linux from the command line with root privileges, setting up Docker's package repository. Verify the Docker version, explore images and containers, and set up basic auditing of the Docker daemon and its files with auditctl.
Explore the enterprise DevOps architecture, IT delivery processes, and continuous integration and delivery pipelines, linking business goals to delivery while addressing outsourcing challenges and enabling DevSecOps adoption.
Install Docker Desktop on a Mac with Apple silicon, then run containers from the terminal and from the Docker Desktop GUI, pull images such as nginx, and manage containers with start and stop.
Learn Podman as a rootless, daemonless container engine, managing containers and pods with a Docker-like CLI. Explore similarities to Docker, use Podman Compose, and preview container orchestration concepts with Kubernetes.
Explore how to write and manage a Dockerfile, build images with docker build, and use layers, build caching, and instructions such as FROM, COPY, RUN, EXPOSE, and CMD to configure containers.
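As an added illustration of the Dockerfile points above (example code written for this page, not material from the course or from Docker), the Python script below parses a Dockerfile and flags the instructions that enlarge the attack surface: an unpinned base image, a credential baked into a layer with ENV or ARG, ADD from a remote URL, apt installs that pull in recommended extras, EXPOSE 22, and no non-root USER. Both Dockerfiles, the rule names and the hostname example.invalid are constructed for the demo; the hardened version shows the same service with each finding fixed.

```python
"""Static checks for the Dockerfile attack-surface issues discussed above:
an unpinned base image, a secret baked into a layer, ADD from a remote URL,
package installs that pull in recommended extras, SSH exposed, and no USER.

Example code added for this page, not part of the course or of Docker.
Both Dockerfiles and the rule names are constructed for the demo.
"""
import re

# Constructed sample 1: works, but ships an oversized image that runs as
# root with a credential stored in an image layer.
WEAK_DOCKERFILE = """\
FROM ubuntu:latest
ENV API_TOKEN=s3cr3t-token-value
ADD https://example.invalid/app.tar.gz /opt/
RUN apt-get update && apt-get install -y curl build-essential
COPY . /app
EXPOSE 22 8080
CMD ["/app/server"]
"""

# Constructed sample 2: the same service with each finding addressed.
# In production also pin the base image by digest (debian:12-slim@sha256:...)
# using the digest your registry reports; no digest is invented here.
HARDENED_DOCKERFILE = """\
FROM debian:12-slim
RUN apt-get update \\
    && apt-get install -y --no-install-recommends curl \\
    && rm -rf /var/lib/apt/lists/*
RUN useradd --system --no-create-home app
# BuildKit secret mount: the token is readable during this RUN only and
# never lands in a layer or in `docker history`.
RUN --mount=type=secret,id=api_token sh -c 'test -s /run/secrets/api_token'
COPY --chown=app:app app/ /app/
USER app
EXPOSE 8080
CMD ["/app/server"]
"""

SECRET_LIKE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.I)


def parse_dockerfile(text):
    """Return (INSTRUCTION, argument) pairs.

    Skips comments and blank lines and joins backslash continuations.
    Keywords are upper-cased: Docker accepts any case, upper is the convention.
    """
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        logical.append(buf + line)
        buf = ""
    if buf:
        logical.append(buf.strip())
    pairs = []
    for line in logical:
        head, _, rest = line.partition(" ")
        pairs.append((head.upper(), rest.strip()))
    return pairs


def check_dockerfile(text):
    """Return (rule, message) findings in Dockerfile order."""
    findings = []
    user = None
    for instr, arg in parse_dockerfile(text):
        if instr == "FROM":
            image = arg.split()[0]                  # drop "AS <stage>"
            name = image.rsplit("/", 1)[-1]          # strip registry/namespace
            if "@sha256:" not in name and name.partition(":")[2] in ("", "latest"):
                findings.append(("unpinned-base", f"FROM {image}: pin a tag or digest so rebuilds are reproducible"))
        elif instr in ("ENV", "ARG") and SECRET_LIKE.search(arg):
            findings.append(("secret-in-env", f"{instr} {arg.split('=')[0]}: ENV/ARG values persist in image metadata and docker history; use a BuildKit secret mount or a runtime secret"))
        elif instr == "ADD" and re.match(r"https?://", arg):
            findings.append(("add-remote", "ADD from a URL is unverified; fetch with curl and check a hash, or COPY a vetted artifact"))
        elif instr == "RUN" and "apt-get install" in arg and "--no-install-recommends" not in arg:
            findings.append(("apt-recommends", "apt-get install without --no-install-recommends pulls in extra packages and attack surface"))
        elif instr == "EXPOSE" and any(p.split("/")[0] == "22" for p in arg.split()):
            findings.append(("expose-ssh", "EXPOSE 22: an SSH daemon in a container is an extra entry point; use docker exec instead"))
        elif instr == "USER":
            user = arg.split(":")[0]
    if user in (None, "root", "0"):
        findings.append(("root-user", "no non-root USER: the process runs as uid 0 inside the container"))
    return findings


if __name__ == "__main__":
    for label, df in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(f"== {label}")
        for rule, msg in check_dockerfile(df) or [("ok", "no findings")]:
            print(f"  [{rule}] {msg}")
```

Run it as a script to see the six findings on the weak Dockerfile and none on the hardened one; point `check_dockerfile` at your own Dockerfile text to use it as a pre-build gate in CI.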
Master Docker Bench for Security, a Bash script that checks the host, the Docker daemon, images, and running containers against the CIS Docker Benchmark, producing actionable security reports.
Scan Docker images with Clair and Quay: Clair pulls image layers through its JSON API, and Quay (quay.io) integrates it with continuous integration and delivery pipelines to surface known vulnerabilities, CVE identifiers, and severity scores.
Learn to analyze and certify Docker images with Anchore, using Anchore Engine, its policy engine, and its PostgreSQL database to assess vulnerabilities, generate reports, and extract image artifacts.
Learn to manage Docker secrets and Swarm services for secure container communication. Implement encrypted transmission and storage of secrets (they are mounted into containers as files under /run/secrets rather than passed as environment variables), auditability, and environment-specific credentials across development, test, and production.
Master Docker container networking, built on Linux network namespaces, including the bridge, none, and host modes, and manage networks with the docker network subcommands to connect containers, inspect networks, and prune unused ones.
Map ports in Docker with --publish and EXPOSE, connect containers on a bridge network to the host, and learn the difference between -p (publish a specific container port to a chosen host port) and -P (publish every EXPOSEd port to a random high host port) with an nginx example.
Explore creating and connecting Docker networks, inspecting network details, and letting containers communicate by name or hostname on a user-defined network, with attention to the risk of passing secrets through environment variables (which the legacy --link option also copies from the source container into the linked one).
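As an added example for the secrets, port-mapping and networking lessons above (written for this page, not part of the course or of Docker's tooling), the Python script below audits docker inspect output for the mistakes those lessons warn about: secrets handed to a container as environment variables, ports published on every host interface, host networking, added capabilities, and privileged or root containers. The inspect data is constructed and trimmed to the fields the audit reads (the field names are the ones docker inspect really emits); the container names, IDs, rule names and the audit_containers.py filename are invented for the demo.

```python
"""Runtime audit over `docker inspect` output for the points raised above:
secrets handed to a container as environment variables, ports published on
every host interface, host networking, and privileged or root containers.

Example code added for this page, not part of the course or of Docker.
The JSON below is constructed for the demo and trimmed to the fields the
audit reads; the field names are the ones docker inspect actually emits.
Run it against live containers with:
    docker inspect $(docker ps -q) | python3 audit_containers.py
"""
import json
import re
import sys

SECRET_LIKE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.I)

# Constructed sample: three containers, two with problems and one that
# follows the lessons (non-root, secret via /run/secrets, loopback binding).
SAMPLE_INSPECT = json.dumps([
    {"Id": "3f1c2a9b0d4e", "Name": "/web",
     "Config": {"User": "", "Env": ["PATH=/usr/bin", "DB_PASSWORD=hunter2"]},
     "HostConfig": {"Privileged": False, "NetworkMode": "bridge",
                    "CapAdd": ["NET_ADMIN"],
                    "PortBindings": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]}}},
    {"Id": "7a8b9c0d1e2f", "Name": "/agent",
     "Config": {"User": "root", "Env": ["PATH=/usr/bin"]},
     "HostConfig": {"Privileged": True, "NetworkMode": "host",
                    "CapAdd": None, "PortBindings": {}}},
    {"Id": "5d6e7f8a9b0c", "Name": "/api",
     "Config": {"User": "10001:10001",
                "Env": ["PATH=/usr/bin", "DB_PASSWORD_FILE=/run/secrets/db_password"]},
     "HostConfig": {"Privileged": False, "NetworkMode": "backend",
                    "CapAdd": None, "CapDrop": ["ALL"],
                    "PortBindings": {"8443/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8443"}]}}},
])


def audit_container(c):
    """Return (rule, detail) findings for one docker inspect record."""
    cfg = c.get("Config") or {}
    hc = c.get("HostConfig") or {}
    findings = []

    if (cfg.get("User") or "").split(":")[0] in ("", "root", "0"):
        findings.append(("root-user", "runs as uid 0; set USER in the image or pass --user"))
    if hc.get("Privileged"):
        findings.append(("privileged", "--privileged disables most isolation; grant specific capabilities instead"))
    if hc.get("NetworkMode") == "host":
        findings.append(("host-network", "shares the host network namespace; use a user-defined bridge and -p"))
    caps = hc.get("CapAdd") or []
    if caps:
        findings.append(("cap-add", f"extra capabilities {caps}; start from --cap-drop ALL and add only what is needed"))
    for entry in cfg.get("Env") or []:
        name = entry.partition("=")[0]
        # *_FILE names follow the Docker secrets convention: the value is a
        # path under /run/secrets, not the secret itself.
        if SECRET_LIKE.search(name) and not name.endswith("_FILE"):
            findings.append(("env-secret", f"{name} passed as an environment variable: visible in docker inspect, /proc/<pid>/environ and every child process; mount it as a secret under /run/secrets"))
    for port, bindings in (hc.get("PortBindings") or {}).items():
        for b in bindings or []:
            # -p 8080:80 records an empty HostIp; both mean every interface.
            if b.get("HostIp") in ("", "0.0.0.0", "::"):
                findings.append(("port-all-interfaces", f"{port} published on all host interfaces as port {b.get('HostPort')}; bind to 127.0.0.1 unless it must be reachable externally"))
    return findings


def audit(inspect_json):
    """Map container name -> findings for a docker inspect JSON document."""
    return {(c.get("Name") or c.get("Id", "?")).lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}


if __name__ == "__main__":
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for name, findings in audit(data).items():
        print(f"== {name}: {len(findings)} finding(s)")
        for rule, detail in findings:
            print(f"  [{rule}] {detail}")
```

Without stdin input the script reports on the constructed sample; piped docker inspect output is audited the same way. The env-secret rule skips `*_FILE` variables on purpose, since that is the convention official images use to read a Docker secret from /run/secrets instead of taking the value itself from the environment.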
DevSecOps, short for Development, Security, and Operations, is a holistic approach spanning culture, automation, and platform design that makes security a shared responsibility across the entire IT lifecycle. DevOps involves more than the development and operations teams: to keep the agility and responsiveness DevOps promises, IT security must be built into the whole application lifecycle rather than added at the end.
This course provides a step-by-step roadmap for implementing security practices and tools within your DevOps framework. It begins with DevOps architecture and its connection to DevSecOps, then dives into two key container platforms: Docker and Kubernetes. You will become proficient in container management, including writing Dockerfiles, pulling and building custom container images, and optimizing them for size and attack surface.
The subsequent sections cover adding a layer of security to your DevOps tools. You'll learn how to use Docker Registry and run your own registry, employ Docker Content Trust, protect the Docker daemon and host with AppArmor and Seccomp profiles, run Docker Bench for Security, and audit your Docker host. You'll also learn to find and analyze vulnerabilities in your Docker images so that compromised or outdated images do not reach production, using tools such as Clair, Quay, Anchore, and the CVE database, and to create and manage Docker secrets, networks, and port mappings. The course also covers monitoring and inspection tools such as cAdvisor, Dive, and Falco, and administration tools such as Portainer, Rancher, and OpenShift.
The final part focuses on Kubernetes security. You'll learn how to identify, address, and prevent security risks in Kubernetes and apply best practices, using kube-bench and the Kubernetes Dashboard, and you'll be introduced to Prometheus and Grafana for monitoring your clusters.
The course content is structured into:
Examining the challenges, methodologies, and tools of DevSecOps, emphasizing the integration of security early in the DevOps application design and delivery processes.
Investigating prominent container platforms, such as Docker and Kubernetes, which underpin both development and operations teams, with a glance at alternative tools like Podman.
Mastering Docker, including image and container management, Dockerfile commands, and image optimization to reduce the attack surface.
Delving into security best practices, Docker capabilities, and the creation of private registries for image protection. The section also covers Docker Content Trust and Docker Registry for secure image uploads.
Understanding Docker daemon, AppArmor, Seccomp profiles, Docker bench security, and Lynis for adhering to security best practices in a production Docker environment.
Scanning container images with open-source tools such as Clair and Anchore to detect vulnerabilities before deployment.
Identifying Docker container threats, vulnerabilities in Docker images, and tools for gathering vulnerability information in container applications.
Learning Docker secrets, networking components, port mapping, and how to expose container services to the host.
Establishing a comprehensive monitoring strategy for Docker infrastructure, covering event collection, performance metrics, and network statistics.
Utilizing open-source administration tools like Portainer, Rancher, and OpenShift for Docker container management.
Exploring Kubernetes architecture, components, objects, and networking, along with tools like minikube for cluster deployment.
Implementing Kubernetes security best practices, emphasizing the principle of least privilege for components and pods.
Executing the security controls documented in the CIS Kubernetes Benchmark with the kube-bench project, and reviewing critical vulnerabilities in Kubernetes.
Assessing production capabilities when running Kubernetes, with a focus on observability, monitoring, and tools like Kubernetes dashboard, Prometheus, and Grafana for cluster metrics.