kubernetes-security-workshop

Table of contents

  1. Introduction
  2. Setup
    1. Azure
    2. Minikube
    3. Play with Kubernetes
  3. Kubernetes architecture overview
  4. Securing Kubernetes components
  5. Securing our pods
  6. RBAC, namespaces and cluster roles
  7. Introduction to Istio
  8. Securing application communication with Istio

The slides can be found here

Introduction

This is the Kubernetes security workshop. There are three ways to run it, depending on your setup: in the cloud on Azure, locally via Minikube, or on a low-resource machine in Play with Kubernetes.

Setup

There are four methods to set up this workshop, either for use in the classroom or afterwards at your own pace. They are as follows:
Azure
Minikube
Play with Kubernetes

Then familiarise yourself with the application that we are going to deploy.
All the code lives here

Kubernetes architecture overview

This module walks through the Kubernetes components and gives us a solid foundation for the rest of the workshop.
To run through the lab start here

Securing Kubernetes components

In this module we are going to look at securing all the Kubernetes components with TLS.
To run through the lab start here

Securing our pods

In this module we will look at how to secure a Kubernetes deployment using our web application with pod security context.
To run through the lab start here

RBAC, namespaces and cluster roles

In this module we will take the application we deployed in the previous module, but this time create a namespace and limit
the application to accessing only resources in that namespace, using service accounts, roles and role bindings.
To run through the lab start here

Introduction to Istio

In this module we will look at what makes up Istio.
To run through the lab start here

Securing application communication with Istio

In this module we will look at how to configure engress with Istio.
To run through the lab start here

Instructors

If you are giving this workshop, there are some instructor notes here