Talk to an Instructor:
Jonas Felix
In this course, participants will learn the fundamentals of security in Kubernetes and Container environments, and how to protect their applications and infrastructures from potential threats.
We are happy to conduct tailored courses for your team - on-site, remotely or in our course rooms.
The course guides participants through the following topics. Depending on the questions and interests of the participants, focus areas will be emphasized and ad-hoc topics added:
– Introduction to Container and Kubernetes Security:
  - Security challenges and strategies
  - Overview of security architecture and tools
– Container Image Security:
  - Secure Base Images and Image Scanning
  - Integrity and Trustworthiness of Images
  - Minimization of Image Size and Attack Surface
  - Hardening Container Images
– Network Security in Kubernetes:
  - Isolation of Namespaces and Network Resources
  - Network Policies and Ingress/Egress Rules
  - Brief Overview of Service Mesh and mTLS (with Cilium)
  - Security Considerations for Ingress
  - Introduction to Gateway API
– Kubernetes API and Authentication:
  - RBAC (Role-Based Access Control)
  - API Security and Auditing
  - Secrets Management and Encryption
– Pod Security and Resource Limitations:
  - Pod Security Admission Controller
  - Container Runtime Security
  - Resource Quotas and LimitRanges
  - Security Mechanisms with gVisor
– Monitoring and Logging for Security Incidents:
  - Overview of Tools and Techniques
  - Monitoring with Falco
– Automation of Security Checks in CI/CD Pipelines:
  - Integrating Security Checks into Development Cycle
  - Using Tools like Trivy and kube-bench
  - Signing and Verifying Container Images with Sigstore Cosign
– Policy Enforcement:
  - Using Gatekeeper/OPA and Kyverno for Policy Enforcement
– Mini "Capture The Flag" Example:
  - Hands-on exercises to reinforce security knowledge
You will not only get to know these concepts, but also implement them in practice.
Disclaimer: The actual course content may vary from the above, depending on the trainer, implementation, duration and composition of the participant group.
Whether we call it training, course, workshop or seminar, we want to meet participants where they are and equip them with the necessary practical knowledge, so that they can apply the technology directly after the training and deepen their understanding independently.
After the course, participants will be able to apply Best Practices for securing their applications and infrastructures in Kubernetes and Container environments.
The course is well structured and consists of theoretical explanations and practical exercises. You will be accompanied by an experienced trainer who can answer questions related to Kubernetes & Container Security.
The course is aimed at Software, DevOps, and System Engineers or Architects who already have basic knowledge in orchestrating containers with Kubernetes.
Basic understanding of Kubernetes and Container Orchestration.
Familiarity with kubectl (apply, get, describe, delete, logs, exec).
Basic knowledge of Linux and the command line.
Every participant will receive a questionnaire and a preparation checklist after registration. We provide a comprehensive laboratory environment for each participant, so that all participants can directly implement their own experiments and even complex scenarios.
Sign up for the waiting list for more public course dates. Once we have enough people on the waiting list, we will determine a date that suits everyone as much as possible and schedule a new session. If you want to participate directly with two colleagues, we can even plan a public course specifically for you.
The development of Kubernetes security began with fundamental concepts like RBAC, developed by Eric Tune and Jordan Liggitt. As Kubernetes adoption in production environments grew, security became a major focus of the community.
A significant milestone was the introduction of Pod Security Policies (PSP) in 2016, later replaced by the Pod Security Admission Controller. Tim Allclair and the Kubernetes Security Team led this evolution. The integration of Gatekeeper as a policy engine marked another important step.
Today, Kubernetes security is its own ecosystem with tools like Falco (developed by Sysdig), Trivy (by Aqua Security), and Sigstore for supply chain security. The establishment of the Security Special Interest Group (SIG) and the introduction of the CKS certification demonstrate the growing importance of security in the Kubernetes world. Projects like the Gateway API and service mesh technologies continue to expand security capabilities.
Training-Centers:
Basel:
- Aeschenplatz 6, 4052 Basel
Zurich:
- HWZ, Lagerstrasse 5, 8004 Zürich
Company address:
felixideas GmbH
Baslerstrasse 5a
4102 Binningen