Course Length: 2 days Kubernetes and Container-based Application Security + 1 day Kubernetes networking deep dive + 2 days Kubernetes Storage Administration with Ceph and Rook, 5 days altogether
Kubernetes is the de-facto system for container orchestration, e.g. automating the deployment, scaling and management of microservices-based, containerized applications. This training builds on the knowledge gained by students on one of our Kubernetes administration trainings and teaches advanced topics about Kubernetes security, networking, and storage administration for them.
It first introduces participants to the concepts, procedures, and best practices to harden Kubernetes based systems and container-based applications against security threats. It deals with the main areas of cloud-native security: Kubernetes cluster setup, Kubernetes cluster hardening, hardening the underlying operating system and networks, minimizing microservices vulnerabilities, obtaining supply chain security as well as monitoring, logging, and runtime security.
The second part deals with the ways of connecting containerized applications to physical and virtual computer networks while keeping them isolated from each other. Participants of this training will learn about the different types of networking resources that facilitates the connectivity for containers, the Container Network Interface (CNI) as well as CNI plugins.
In the third part of this training participants learn about the main concept and architecture of Ceph, its installation and daily operation as well as using it in Kubernetes environments with the help of Rook. CEPH is an open-source distributed and fault tolerant storage system widely used in cloud environments. It is one of the more popular solutions for the storage needs of Kubernetes environments. Rook is an open-source storage manager allowing the integration of Ceph into Kubernetes and helps the management of the storage cluster.
Besides in-depth theoretical coverage, students also do hands-on exercises in their own Kubernetes lab system throughout the training.
This course doesn’t only deal with the daily and advanced administration of Kubernetes and container based systems but also prepares for the official Certified Kubernetes Security Specialist (CKS) exams of the Cloud Native Computing Foundation (CNCF)
Target audience: System administrators, developers and devops who participated on one of our Kubernetes administration trainings or have a Certified Kubernetes Administrator (CKA) certification and want to learn about securing Kubernetes based systems and container-based applications and want to understand and use Kubernetes network features as well as the Ceph/Rook storage solution in Kubernetes environments.
Structure: 50% theory 50% hands on lab exercises.
Prerequisites: Linux container (e.g. Docker) and Kubernetes admin. skills, for instance by participating on our Docker and Kubernetes administration courses.