Title: Kubernetes Security 101: Best Practices to Secure your Cluster
Abstract: This workshop aims to give an overview of how Kubernetes works and provide some best practices to secure your cluster whenever you are deploying a new cluster on your own or via managed services such as GKE, EKS, or AKS. We are going to cover everything from the Control Plane or the Master Node, starting with the API server, including etcd, RBAC, and network policies. Then, we’ll cover the worker nodes, kubelet, audit logs, and pods best practices. We’ll talk about the CIS Benchmarks for Kubernetes and the default configurations you need to worry about when deploying a new cluster. We’ll show how to use RBAC and assign roles and permissions to your cluster users. We’ll demonstrate how to enable audit logs for better visibility and later we’ll set up some network policies to avoid communication between pods and prevent any lateral movement from attackers.
– What is Kubernetes?
– Why should I use it?
– What is the CNCF?
– What are cloud native applications?
– Control Plane (API Server, etcd, scheduler, controller-manager)
– Worker Nodes (kubelet, kube-proxy, and CRE)
Cluster, Nodes, Pods, and Namespaces
K8s API Objects
Setting up your first cluster
Deploying your web app as a pod
Using services and load balancers
Exposing web application
– API Server
– CIS K8s Benchmark
– Image Scanning
– Runtime Protection
– Network Policy
– Pod Security Policy (PSP) – Deprecated
– PSP Alternatives
– Audit Logs
Start time: 9 am EDT
Requirements: Have an AWS account. Know how to use an IDE. Basic understanding of git and YAML.