kubernetes-security-workshop
Table of contents
- Introduction
- Setup
- Kubernetes architecture overview
- Securing Kubernetes components
- Securing our pods
- RBAC, namespaces and cluster roles
- Introduction to Knative
- Securing application communication with Knative
Introduction
This is the Kubernetes security workshop. There are three ways to run it, depending on the setup you have: in the cloud on Azure, locally via Minikube, or on a low-resource machine in Play with Kubernetes.
Setup
There are four methods to set up this workshop, either for use in the classroom or after the workshop at your own pace. They are as follows:
Google Kubernetes Engine
Azure
Minikube
Play with Kubernetes
Then familiarise yourself with the application that we are going to deploy.
All the code lives here
Kubernetes architecture overview
This module walks through the Kubernetes components and gives us a solid foundation for the rest of the workshop.
To run through the lab start here
Securing Kubernetes components
In this module we are going to look at securing all the Kubernetes components with TLS.
To run through the lab start here
Securing our pods
In this module we will look at how to secure a Kubernetes deployment using our web application with pod security context.
To run through the lab start here
RBAC, namespaces and cluster roles
In this module we will take the application we deployed in the previous module, but this time create a namespace and limit the application to accessing only resources in that namespace, using service accounts, roles and role bindings.
To run through the lab start here
Introduction to Knative
In this module we will look at what makes up Knative.
To run through the lab start here
Securing application communication with Knative
In this module we will look at how to configure engress with Istio.
To run through the lab start here
Instructors
If you are giving this workshop, there are some instructor notes here.