Kubernetes CKS 2023 Complete Course + Simulator

11h 6m 23s
English
Paid

Welcome! Get all you need for your Certified Kubernetes Security Specialist (CKS) preparation here! I'm Kim, a seasoned Kubernetes Trainer and Author, and the creator of the Killer Shell CKS|CKA|CKAD Simulators.

Course Overview

Comprehensive and Engaging Learning:

  • Explore each CKS topic visually and easily.

  • Engage in various practical hands-on challenges for every topic.

  • Set up your own CKS cluster with simple scripts provided.

  • Access a Github course repository filled with examples used throughout the course.

  • Test your knowledge with the Killer Shell CKS simulator, including two free identical sessions.

  • Participate in the Killer Shell private Slack community for exam discussions and topic insights.

Simulator Details

Included in the course are two Killer Shell CKS Simulator sessions with identical questions. Use the simulator wisely, as it simulates the real exam. If you do not pass the real exam, you'll receive an additional session for free.

Course Expectations

Prepare for the course to require more time than the recorded videos. Implement the scenarios individually, and take breaks—hours or even days—between sections to fully absorb the material and prevent burnout.

Prerequisites

Before participating in this course, you should possess some Kubernetes Administrator experience. Remember, to take the real CKS exam, you must hold a valid CKA certification. Don't worry if your CKA knowledge needs a refresh; we'll recap key concepts at the beginning.

About the Author: udemy

udemy thumbnail
By connecting students all over the world to the best instructors, Udemy is helping individuals reach their goals and pursue their dreams. Udemy is the leading global marketplace for teaching and learning, connecting millions of students to the skills they need to succeed. Udemy helps organizations of all kinds prepare for the ever-evolving future of work. Our curated collection of top-rated business and technical courses gives companies, governments, and nonprofits the power to develop in-house expertise and satisfy employees’ hunger for learning and development.

Watch Online 160 lessons

This is a demo lesson (10:00 remaining)

You can watch up to 10 minutes for free. Subscribe to unlock all 160 lessons in this course and access 10,000+ hours of premium content across all courses.

View Pricing
0:00
/
#1: Welcome
All Course Lessons (160)
#Lesson TitleDurationAccess
1
Welcome Demo
02:31
2
Best Video Quality
00:30
3
K8s Security Best Practices
10:17
4
Cluster Specification
02:43
5
Practice - Create GCP Account
03:48
6
Practice - Configure "gcloud" command
04:54
7
Practice - Create Kubeadm Cluster in GCP
08:40
8
Practice - Firewall rules for NodePorts
01:01
9
Notice: Always stop your instances
01:40
10
Containerd Course Upgrade
01:10
11
Recap
01:04
12
How to get Access
01:22
13
Intro
12:18
14
Practice - Find various K8s certificates
05:56
15
Recap
01:12
16
Intro
10:18
17
Container Tools Introduction
06:03
18
Practice - The PID Namespace
03:34
19
Recap
00:43
20
Cluster Reset
00:43
21
Introduction 1
04:10
22
Introduction 2
05:05
23
Practice - Default Deny
03:54
24
Practice - Frontend to Backend traffic
06:16
25
Practice - Backend to Database traffic
07:27
26
Recap
01:01
27
Introduction
04:10
28
Practice - Install Dashboard
01:10
29
Practice - Outside Insecure Access
04:40
30
Practice - RBAC for the Dashboard
03:35
31
Recap
01:42
32
K8s Docs in correct Version
00:43
33
Introduction
03:57
34
Practice - Create an Ingress
07:40
35
Practice - Secure an Ingress
08:54
36
Recap
00:27
37
Introduction
03:05
38
Practice: Access Node Metadata
02:03
39
Practice: Protect Node Metadata via NetworkPolicy
04:28
40
Recap
00:36
41
Introduction
02:25
42
Practice - CIS in Action
05:18
43
Practice - kube-bench
03:51
44
Recap
01:52
45
Introduction
01:15
46
Practice - Download and verify K8s release
03:28
47
Practice - Verify apiserver binary running in our cluster
05:13
48
Recap
00:32
49
Intro
09:11
50
Practice - Role and Rolebinding
05:01
51
Practice - ClusterRole and ClusterRoleBinding
04:02
52
Accounts and Users
04:16
53
Practice - CertificateSigningRequests
09:26
54
Recap
01:01
55
Intro
01:21
56
Practice - Pod uses custom ServiceAccount
08:59
57
Practice - Disable ServiceAccount mounting
03:23
58
Practice - Limit ServiceAccounts using RBAC
02:43
59
Recap
01:08
60
Introduction
04:24
61
Practice - Anonymous Access
04:08
62
Practice - Insecure Access
04:09
63
Practice - Manual API Request
03:40
64
Practice - External Apiserver Access
06:35
65
NodeRestriction AdmissionController
02:03
66
Practice - Verify NodeRestriction
03:46
67
Recap
00:51
68
Introduction
06:33
69
Practice - Create outdated cluster
03:38
70
Practice - Upgrade controlplane node
06:21
71
Practice - Upgrade node
03:58
72
Recap
01:08
73
Introduction
03:39
74
Practice - Create Simple Secret Scenario
05:35
75
Practice - Hack Secrets in Container Runtime
05:43
76
Practice - Hack Secrets in ETCD
03:48
77
ETCD Encryption
05:21
78
Practice - Encrypt ETCD
18:42
79
Recap
04:51
80
Introduction
06:36
81
Practice - Container calls Linux Kernel
03:06
82
Open Container Initiative OCI
03:26
83
Sandbox Runtime Katacontainers
02:11
84
Sandbox Runtime gVisor
02:05
85
Practice - Create and use RuntimeClasses
03:55
86
Practice - Install and use gVisor
06:04
87
Recap
01:08
88
Intro and Security Contexts
03:19
89
Practice - Set Container User and Group
03:48
90
Practice - Force Container Non-Root
02:27
91
Privileged Containers
01:35
92
Practice - Create Privileged Containers
02:51
93
PrivilegeEscalation
00:57
94
Practice - Disable PriviledgeEscalation
01:39
95
Intro
07:57
96
Practice - Create sidecar proxy
06:09
97
Recap
01:08
98
Cluster Reset
00:43
99
Introduction
05:59
100
Practice - Install OPA
03:20
101
Practice - Deny All Policy
10:40
102
Practice - Enforce Namespace Labels
09:21
103
Practice - Enforce Deployment replica count
04:32
104
Practice - The Rego Playground and more examples
04:14
105
Recap
01:38
106
Introduction
04:50
107
Practice - Reduce Image Footprint with Multi-Stage
07:00
108
Practice - Secure and harden Images
08:11
109
Recap
01:55
110
Introduction
06:55
111
Kubesec
02:13
112
Practice - Kubesec
03:27
113
OPA Conftest
01:32
114
Practice - OPA Conftest for K8s YAML
04:08
115
Practice - OPA Conftest for Dockerfile
03:22
116
Recap
01:19
117
Introduction
07:05
118
Clair and Trivy
01:08
119
Practice - Use Trivy to scan images
04:21
120
Recap
01:05
121
Introduction
03:29
122
Practice - Image Digest
03:59
123
Practice - Whitelist Registries with OPA
05:40
124
ImagePolicyWebhook
01:47
125
Practice - ImagePolicyWebhook
09:53
126
Recap
00:39
127
Introduction
03:23
128
Practice - Strace
04:23
129
Practice - Strace and /proc on ETCD
07:09
130
Practice - /proc and env variables
04:46
131
Practice - Falco and Installation
04:18
132
Practice - Use Falco to find malicious processes
05:24
133
Practice - Investigate Falco rules
04:51
134
Practice - Change Falco Rule
08:44
135
Recap
01:31
136
Introduction
03:35
137
Ways to enforce immutability
04:48
138
Practice - StartupProbe changes container
03:35
139
Practice - SecurityContext renders container immutable
04:52
140
Recap
00:51
141
Introduction
11:40
142
Practice - Enable Audit Logging in Apiserver
05:53
143
Practice - Create Secret and check Audit Logs
03:06
144
Practice - Create advanced Audit Policy
10:13
145
Recap
01:23
146
Introduction
02:47
147
AppArmor
02:44
148
Practice - AppArmor for curl
06:09
149
Practice - AppArmor for Docker Nginx
05:57
150
Practice - AppArmor for Kubernetes Nginx
05:40
151
Seccomp
03:34
152
Practice - Seccomp for Docker Nginx
02:40
153
Practice - Seccomp for Kubernetes Nginx
07:47
154
Recap
01:33
155
Introduction
04:54
156
Practice - Systemctl and Services
02:06
157
Practice - Install and investigate Services
04:50
158
Practice - Disable application listening on port
02:03
159
Practice - Investigate Linux Users
04:34
160
Recap
01:06
Unlock unlimited learning

Get instant access to all 159 lessons in this course, plus thousands of other premium courses. One subscription, unlimited knowledge.

Learn more about subscription