How to become a K8s security expert

May 06, 2022

Kubernetes is a new technology, and there’s so much to learn! In this post, I will provide some hints to help you become more confident using K8s and become a K8s security expert! Whether you are in a Dev team or in an Ops team, you own security as much as your security team does! This is the new DevSecOps paradigm. To be an expert, you need to learn and experiment, so the easiest and best way is for sure to get certified with the Linux Foundation.


Linux Foundation - Certifications 

The Linux Foundation (LF) is a non-profit technology consortium founded in 2000 as a merger between Open Source Development Labs and the Free Standards Group to standardize Linux, support its growth, and promote its commercial adoption. It also hosts and promotes the collaborative development of open-source software projects. It is a major force in promoting diversity and inclusion in both Linux and the wider open-source software community. (Extract from Wikipedia)

The best way to be a certified and recognized expert in Kubernetes security is to prepare:

  • First the CKA exam – Certified Kubernetes Administrator 

  • And then the CKS exam – Certified Kubernetes Security Specialist

Get Kubernetes Certified - Find out which one is right for you


 

Certified Kubernetes Administrator (CKA) 

The Certified Kubernetes Administrator (CKA) program provides assurance that CKAs have the skills, knowledge, and competency to perform the responsibilities of Kubernetes administrators. A certified Kubernetes administrator has demonstrated the ability to perform a basic installation as well as to configure and manage production-grade Kubernetes clusters.

The VMware website ModernApp Ninja provides very useful tips for CKA.

 

Certified Kubernetes Security Specialist (CKS) 

The Certified Kubernetes Security Specialist program provides assurance that the holder is comfortable and competent with a broad range of best practices. CKS certification covers skills for securing container-based applications and Kubernetes platforms during build, deployment, and runtime.  Candidates for CKS must hold a current Certified Kubernetes Administrator (CKA) certification to demonstrate they possess sufficient Kubernetes expertise before sitting for the CKS. 


KubeAcademy 

To learn Kubernetes in general, there’s a great free academy from VMware: https://kube.academy/ 

You can create your own training path by choosing your current K8s knowledge, the topics you are most interested in, and your responsibility for Kubernetes. In KubeAcademy, there’s a section about security, videos from experts, and a lot of labs.

CKA preparation with KubeAcademy 


The CKA course lays out a learning path for exam preparation. KubeAcademy covers the exam format, how the exam is scored, and study resources. 

Techworld with Nana 

If your TV can play YouTube videos, you can learn Kubernetes in the comfort of your sofa! I really like those courses: they are very clear, easy to understand, and all in one long video.

You can’t conduct an orchestra if you have never learned music before, right? So, if you’re not familiar with containers, I would recommend that you:

  • First learn Docker, to understand why we are using containers, and how to build them 

  • then learn Kubernetes, to orchestrate containers

  • and finally learn security best practices

Docker Tutorial for beginners

 

Kubernetes Tutorial for beginners

 

Kubernetes Security Best Practices

CKA preparation with TechWorld 

This is a paid course for CKA preparation with 14 hours of video, Hands-On demos… 

Udemy 

If you are looking for professional training, you can look at Udemy, which can help you to prepare for CKA and CKS. They offer a very good price, especially for Black Friday.

 


 

Kubernetes recommendations 

If you are looking for compliance to minimize risks in your organization, CIS and NSA provide recommendations that could help you to define your security policy requirements. 

CIS Benchmark 

The Center for Internet Security (CIS) provides best practices for securing Kubernetes; you can download the latest “CIS Kubernetes Benchmark” on their website. This document is a set of recommendations for configuring Kubernetes to support a strong security posture, so it can really help you to reduce your attack surface, and hence the risks in your organization. The latest CIS benchmark for Kubernetes V1.6 walks through all parameters in a 270-page document, so it’s easier to use the VMware Carbon Black template for CIS benchmark V1.6.

 

NSA Kubernetes Hardening Guidance 

This guidance describes the security challenges associated with setting up and securing a Kubernetes cluster. It includes hardening strategies to avoid common misconfigurations and guides system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations. 

VMware Carbon Black Cloud Container

Watch this technical demonstration on VMware Carbon Black Cloud Containers to understand how organizations are adopting containerization at a rapid rate!

VMware Carbon Black Cloud Container is the security solution provided by VMware to secure Kubernetes on-prem and in all public clouds. Explore our resources on the TechZone website (Level 100 and Level 200).

To experiment, you can create your own home lab or use Testdrive.

Joe Beda – TGIK - Thank God/Goodness It's Kubernetes (and Friday) 

Joe is a Principal Engineer at VMware working in the Cloud Native Applications business unit. Previously, he was a founder and CTO of Heptio, which was acquired by VMware. Joe is a co-creator of Kubernetes, and he participates in various events and webinars. He also hosts the weekly TGI Kubernetes webinars every Friday at 1 PM Pacific, the most expert Kubernetes session you will find on the Internet: https://tgik.io. More than 170 amazing videos are already available!

For example, the following section is focused on Kubernetes security: 

TGI Kubernetes 001: A Quick Tour  

TGI Kubernetes 135: Antrea CNI 

TGI Kubernetes 171: Pod Security Problems  


Conclusion 

Now you know how to become a Kubernetes expert!  Enjoy! Good Luck! 
