1.1 CKS Certification Requirements
1.2 Resources and Study Tools
1.3 Practice Strategy
1.4 Creating a Study Timeline and Expectations
2.1 Lab Environment and Architecture
2.2 Local Installation
2.3 Cloud Installation
2.4 Your Cluster Up and Running
3.1 Cloud Native Security
3.2 Kubernetes Architecture
3.3 Kubernetes PKI Architecture
3.4 Threat Modeling K8s
3.5 Real World K8s Hacks
3.6 OWASP Kubernetes Top 10
4.1 Network Security Overview
4.2 Pod Communication Policies
4.3 Segmentation
5.1 CIS Benchmarks for Kubernetes
5.2 Install Kube-bench
5.3 Checking Compliance with Kube-bench
6.1 Understanding Ingress
6.2 Creating Ingress Objects
6.3 Ingress Security Options
7.2 Network Policies
7.3 Node Metadata Protection
7.4 Implement Kubelet Authentication
7.5 Test Kubelet and Node Metadata Security
8.1 K8s Dashboard Architecture
8.2 Dashboard Installation
8.3 Role Based Access Control (RBAC)
9.1 Understanding Platform Binary Integrity
9.2 Download the Latest Kubernetes Release
9.3 Verify Binary Checksum
10.1 Kubernetes API Fundamentals
10.2 Kubernetes Access Control
10.3 API Server Configuration
10.4 API Server Hardening
10.5 Verify Access Control Policies
11.1 Understanding Kubernetes RBAC
11.2 Creating a User Account
11.3 Applying Roles to a User
11.4 Configuring and Binding Cluster Roles
11.5 Verifying Role Rules
12.1 Understanding Service Accounts
12.2 Creating a Service Account
12.3 Disable Default Settings
12.4 Verify Service Account Permissions
13.1 Kubernetes Update Process
13.2 Plan Upgrade Process
13.3 Upgrade Components and Test
14.1 Host Hardening
14.2 Remove Unneeded Services
14.3 Log System Activities
14.4 Limit Access
15.1 Understanding External Access to Kubernetes
15.2 Finding Open Ports
15.3 Host Firewall Configuration
15.4 Test Host Firewall
16.1 Understanding Kernel Threats
16.2 Using Seccomp
16.3 Using AppArmor
16.4 Testing Kernel Security
17.1 Principle of Least Privilege
17.2 Host Based IAM
17.3 Restricting User Privileges
17.4 Controlling File Access and User Logging
17.5 Understanding Cloud RBAC
18.1 Understanding Pod Security
18.2 Configure Security Contexts
18.3 Pod Security Admission
18.4 OPA Gatekeeper
19.1 Understanding Kubernetes Secrets
19.2 Creating and Using a Secret
19.3 Using Secrets in Pods
19.4 Encrypting Secrets at Rest
20.1 Containing Containers
20.2 Sandboxed Pods
20.3 Using gVisor
20.4 Using Kata Containers
21.1 Introduction to Cilium and mTLS
21.2 Using Cilium for Pod-to-Pod Encryption
21.3 Deploying and Verifying mTLS with Cilium
22.1 Software Supply Chain Risks
22.2 Protect Image Registry Access
22.3 Require Signed Images
22.4 Policy Enforcement Image Policy Webhook
22.5 Policy Enforcement Validating Admission Policy
23.1 Static Analysis Fundamentals
23.2 Scan Manifests for Vulnerabilities with Kube-linter
23.3 Scanning for Cluster Vulnerabilities
24.1 Understanding Container Images
24.2 Use Image Creation Good Practices
24.3 Reduce Image Attack Surface
25.1 Scanning for Vulnerable Images
25.2 Using Trivy to Identify Vulnerable Containers
25.3 Using the Trivy Operator
25.4 Using Trivy and Kyverno for SBOM Attestation
26.1 Understanding Immutability
26.2 Read Only Filesystem
26.3 Policy Enforcement with VAP
27.1 Auditing in Kubernetes
27.2 Define an Audit Policy
27.3 Event Batching and Tuning
27.4 Configure Backend Log Storage
28.1 Understanding Syscall Behavioral Analysis
28.2 Using Falco for Threat Detection
28.3 Falco Host Installation
28.4 Falco Kubernetes Installation
28.5 Falco Configuration and Rules
28.6 Falco Custom Rules in Action
29.1 MITRE ATT&CK Framework
29.2 Security Event Log Review
29.3 Gathering Evidence of Compromise
29.4 Practicing Kubernetes Security
30.1 Securing Kubernetes API Access
30.2 Implementing Pod Security Standards (PSS)
30.3 Enforcing Network Policies for Pod Communication
30.4 Restricting Image Registries
30.5 Configuring Secret Encryption
31.1 Container Runtime Security
31.2 Detecting Malicious Behavior Using Falco
31.3 Enforcing Network Encryption
31.4 Secure Ingress via TLS
31.5 Detecting and Mitigating Security Vulnerabilities
Certified Kubernetes Security Specialist (CKS) Introduction
Certified Kubernetes Security Specialist (CKS) Summary
Learning objectives
Module Introduction