Kubernetes CKS 2023 Complete Course + Simulator
Hi there! All you need for your Certified Kubernetes Security Specialist preparation in one place! I'm Kim, Kubernetes Trainer and Author, also the creator of the Killer Shell CKS|CKA|CKAD Simulators.
I will present every CKS topic to you in a simple, visual and easy way:
- For every topic we'll also run through various practical hands-on challenges together
- We'll set up your own CKS cluster together; for this we provide simple scripts!
- We also have a GitHub course repository with various examples which we use throughout this course
- At the end you'll test your knowledge by attending the Killer Shell CKS simulator, for which two free identical sessions are included in this course
- Join the Killer Shell private Slack community for exam and topic discussion
Simulator
Two Killer Shell CKS Simulator sessions with identical questions are included in this course. The simulator cannot be used indefinitely, so treat the simulator like the real exam and come prepared. Should you fail the real exam you get another session for free.
Please expect this course to take more time than just our recorded hours. For most topics you'll need some time to implement the scenarios yourself. Breaks (hours or even days) between sections/topics are also advised to prevent brain implosion :)
You should already have some Kubernetes Administrator knowledge before attending this course. And if you'd like to attend the real CKS exam, you need to hold a valid CKA certification. But we also do some recap of CKA knowledge at the beginning, so no worries if your knowledge is a bit stale.
Watch Online Kubernetes CKS 2023 Complete Course + Simulator
# | Title | Duration |
---|---|---|
1 | Welcome | 02:31 |
2 | Best Video Quality | 00:30 |
3 | K8s Security Best Practices | 10:17 |
4 | Cluster Specification | 02:43 |
5 | Practice - Create GCP Account | 03:48 |
6 | Practice - Configure "gcloud" command | 04:54 |
7 | Practice - Create Kubeadm Cluster in GCP | 08:40 |
8 | Practice - Firewall rules for NodePorts | 01:01 |
9 | Notice: Always stop your instances | 01:40 |
10 | Containerd Course Upgrade | 01:10 |
11 | Recap | 01:04 |
12 | How to get Access | 01:22 |
13 | Intro | 12:18 |
14 | Practice - Find various K8s certificates | 05:56 |
15 | Recap | 01:12 |
16 | Intro | 10:18 |
17 | Container Tools Introduction | 06:03 |
18 | Practice - The PID Namespace | 03:34 |
19 | Recap | 00:43 |
20 | Cluster Reset | 00:43 |
21 | Introduction 1 | 04:10 |
22 | Introduction 2 | 05:05 |
23 | Practice - Default Deny | 03:54 |
24 | Practice - Frontend to Backend traffic | 06:16 |
25 | Practice - Backend to Database traffic | 07:27 |
26 | Recap | 01:01 |
27 | Introduction | 04:10 |
28 | Practice - Install Dashboard | 01:10 |
29 | Practice - Outside Insecure Access | 04:40 |
30 | Practice - RBAC for the Dashboard | 03:35 |
31 | Recap | 01:42 |
32 | K8s Docs in correct Version | 00:43 |
33 | Introduction | 03:57 |
34 | Practice - Create an Ingress | 07:40 |
35 | Practice - Secure an Ingress | 08:54 |
36 | Recap | 00:27 |
37 | Introduction | 03:05 |
38 | Practice: Access Node Metadata | 02:03 |
39 | Practice: Protect Node Metadata via NetworkPolicy | 04:28 |
40 | Recap | 00:36 |
41 | Introduction | 02:25 |
42 | Practice - CIS in Action | 05:18 |
43 | Practice - kube-bench | 03:51 |
44 | Recap | 01:52 |
45 | Introduction | 01:15 |
46 | Practice - Download and verify K8s release | 03:28 |
47 | Practice - Verify apiserver binary running in our cluster | 05:13 |
48 | Recap | 00:32 |
49 | Intro | 09:11 |
50 | Practice - Role and Rolebinding | 05:01 |
51 | Practice - ClusterRole and ClusterRoleBinding | 04:02 |
52 | Accounts and Users | 04:16 |
53 | Practice - CertificateSigningRequests | 09:26 |
54 | Recap | 01:01 |
55 | Intro | 01:21 |
56 | Practice - Pod uses custom ServiceAccount | 08:59 |
57 | Practice - Disable ServiceAccount mounting | 03:23 |
58 | Practice - Limit ServiceAccounts using RBAC | 02:43 |
59 | Recap | 01:08 |
60 | Introduction | 04:24 |
61 | Practice - Anonymous Access | 04:08 |
62 | Practice - Insecure Access | 04:09 |
63 | Practice - Manual API Request | 03:40 |
64 | Practice - External Apiserver Access | 06:35 |
65 | NodeRestriction AdmissionController | 02:03 |
66 | Practice - Verify NodeRestriction | 03:46 |
67 | Recap | 00:51 |
68 | Introduction | 06:33 |
69 | Practice - Create outdated cluster | 03:38 |
70 | Practice - Upgrade controlplane node | 06:21 |
71 | Practice - Upgrade node | 03:58 |
72 | Recap | 01:08 |
73 | Introduction | 03:39 |
74 | Practice - Create Simple Secret Scenario | 05:35 |
75 | Practice - Hack Secrets in Container Runtime | 05:43 |
76 | Practice - Hack Secrets in ETCD | 03:48 |
77 | ETCD Encryption | 05:21 |
78 | Practice - Encrypt ETCD | 18:42 |
79 | Recap | 04:51 |
80 | Introduction | 06:36 |
81 | Practice - Container calls Linux Kernel | 03:06 |
82 | Open Container Initiative OCI | 03:26 |
83 | Sandbox Runtime Katacontainers | 02:11 |
84 | Sandbox Runtime gVisor | 02:05 |
85 | Practice - Create and use RuntimeClasses | 03:55 |
86 | Practice - Install and use gVisor | 06:04 |
87 | Recap | 01:08 |
88 | Intro and Security Contexts | 03:19 |
89 | Practice - Set Container User and Group | 03:48 |
90 | Practice - Force Container Non-Root | 02:27 |
91 | Privileged Containers | 01:35 |
92 | Practice - Create Privileged Containers | 02:51 |
93 | PrivilegeEscalation | 00:57 |
94 | Practice - Disable PrivilegeEscalation | 01:39 |
95 | Intro | 07:57 |
96 | Practice - Create sidecar proxy | 06:09 |
97 | Recap | 01:08 |
98 | Cluster Reset | 00:43 |
99 | Introduction | 05:59 |
100 | Practice - Install OPA | 03:20 |
101 | Practice - Deny All Policy | 10:40 |
102 | Practice - Enforce Namespace Labels | 09:21 |
103 | Practice - Enforce Deployment replica count | 04:32 |
104 | Practice - The Rego Playground and more examples | 04:14 |
105 | Recap | 01:38 |
106 | Introduction | 04:50 |
107 | Practice - Reduce Image Footprint with Multi-Stage | 07:00 |
108 | Practice - Secure and harden Images | 08:11 |
109 | Recap | 01:55 |
110 | Introduction | 06:55 |
111 | Kubesec | 02:13 |
112 | Practice - Kubesec | 03:27 |
113 | OPA Conftest | 01:32 |
114 | Practice - OPA Conftest for K8s YAML | 04:08 |
115 | Practice - OPA Conftest for Dockerfile | 03:22 |
116 | Recap | 01:19 |
117 | Introduction | 07:05 |
118 | Clair and Trivy | 01:08 |
119 | Practice - Use Trivy to scan images | 04:21 |
120 | Recap | 01:05 |
121 | Introduction | 03:29 |
122 | Practice - Image Digest | 03:59 |
123 | Practice - Whitelist Registries with OPA | 05:40 |
124 | ImagePolicyWebhook | 01:47 |
125 | Practice - ImagePolicyWebhook | 09:53 |
126 | Recap | 00:39 |
127 | Introduction | 03:23 |
128 | Practice - Strace | 04:23 |
129 | Practice - Strace and /proc on ETCD | 07:09 |
130 | Practice - /proc and env variables | 04:46 |
131 | Practice - Falco and Installation | 04:18 |
132 | Practice - Use Falco to find malicious processes | 05:24 |
133 | Practice - Investigate Falco rules | 04:51 |
134 | Practice - Change Falco Rule | 08:44 |
135 | Recap | 01:31 |
136 | Introduction | 03:35 |
137 | Ways to enforce immutability | 04:48 |
138 | Practice - StartupProbe changes container | 03:35 |
139 | Practice - SecurityContext renders container immutable | 04:52 |
140 | Recap | 00:51 |
141 | Introduction | 11:40 |
142 | Practice - Enable Audit Logging in Apiserver | 05:53 |
143 | Practice - Create Secret and check Audit Logs | 03:06 |
144 | Practice - Create advanced Audit Policy | 10:13 |
145 | Recap | 01:23 |
146 | Introduction | 02:47 |
147 | AppArmor | 02:44 |
148 | Practice - AppArmor for curl | 06:09 |
149 | Practice - AppArmor for Docker Nginx | 05:57 |
150 | Practice - AppArmor for Kubernetes Nginx | 05:40 |
151 | Seccomp | 03:34 |
152 | Practice - Seccomp for Docker Nginx | 02:40 |
153 | Practice - Seccomp for Kubernetes Nginx | 07:47 |
154 | Recap | 01:33 |
155 | Introduction | 04:54 |
156 | Practice - Systemctl and Services | 02:06 |
157 | Practice - Install and investigate Services | 04:50 |
158 | Practice - Disable application listening on port | 02:03 |
159 | Practice - Investigate Linux Users | 04:34 |
160 | Recap | 01:06 |