• Live training

Workshop DevSecOps Advanced


DevSecOps Advanced training covers the security of containerized application infrastructures, including recommended best practices for securing the network and the applications.

 

 

This training is delivered in English.

In partnership with the accredited entity:

Target audience

  • People familiar with containerized applications and container orchestration technologies, wishing to improve the security of their environment
  • DevOps engineers
  • Linux system administrators
  • Systems design engineers
  • Architects

Prerequisites

  • Strong grasp of container basics (recommended training: Docker Fundamentals)
  • Strong grasp of Kubernetes terminology and Kubernetes cluster operation fundamentals (recommended training: Kubernetes Fundamentals)

Nice to have:

  • Working knowledge of the following Kubernetes topics: Role-Based Access Control (RBAC), resource control, logging and monitoring (recommended training: Kubernetes Advanced)

Programme

  • Introduction to Cloud Security
  • Cert Manager
  • RBAC Revisited. External Auth Sources
  • K8s-Network Policy
  • K8s-Securing container images
  • Istio – Introduction
  • Istio – Advanced Routing
  • Istio – Fault Injection
  • Istio – mTLS
  • Istio – Observability
  • Pod Security Policies
  • Open Policy Agent
  • Secret Management. HashiCorp Vault

Introduction to Cloud Security

  • The 4C’s of Cloud Native Security
  • STRIDE Threat Model
  • Node Security
  • Container Security

Cert Manager

  • What Cert Manager is
  • Cert-manager overview
  • Cert-manager concepts
  • Installing cert-manager
  • Cert-manager walkthrough

Hands-on Lab: Cert Manager

RBAC Revisited. External Auth Sources

  • RBAC Revisited
  • Role and ClusterRole
  • RoleBinding and ClusterRoleBinding
  • OpenID Connect
  • OIDC Implicit flow
  • OIDC Authentication flow
  • JWT Tokens
  • Keycloak – K8s integration

Hands-on Lab: RBAC Revisited

K8s-Network Policy

  • Why use network policies
  • What is MetalLB and how it works
  • Configuring Layer2 and Layer3 MetalLB
  • Additional MetalLB configuration samples

Hands-on Lab: Network Policies

K8s-Securing container images

  • Tools for securing your container images
  • OCI Annotations
  • Managing the security of K8s container workloads
  • Vulnerability Scanning Tools (Aqua MicroScanner, Anchore)
  • Security Context
  • Image Security Best Practices

Hands-on Lab: Image Security

Istio – Introduction

  • What is a service mesh
  • What is Istio
  • Istio architecture and components
  • Setting up Istio

Hands-on Lab: Istio – Introduction

Istio – Advanced Routing

  • Why route traffic?
  • Traffic shifting
  • Request routing
  • External Resources

Hands-on Lab: Istio – Traffic routing

Istio – Fault Injection

  • Controlling Ingress traffic
  • Fault injection
  • Circuit breaking
  • Traffic mirroring

Hands-on Lab: Istio – Fault injection

Istio – mTLS

  • Securing pod communication with Istio
  • mTLS
  • Authorization policies
  • Policy target
  • Authenticated and unauthenticated identity

Hands-on Lab: Istio – mTLS and Authorization

Istio – Observability

  • Viewing the mesh with Kiali
  • Kiali features
  • Generating a service graph
  • Tracing Calls with Jaeger
  • Observability (Metrics, Distributed Tracers, Access Logs)

Hands-on Lab: Istio – Observability

Pod Security Policies

  • Enabling Pod Security Policies
  • Policy Reference

Hands-on Lab: Pod Security Policies

Open Policy Agent

  • How OPA works
  • OPA and Kubernetes
  • Integrating OPA with K8s

Hands-on Lab: OPA Gatekeeper

Secret Management. HashiCorp Vault

  • Secrets – the theory behind
  • Protecting Secrets
  • Risks
  • HashiCorp Vault
  • Running Vault on K8s
  • Integrating Vault with K8s

Hands-on Lab: Secret Management
