- Introduction
- Setup
- Kubernetes architecture overview
- Securing Kubernetes components
- Securing our pods
- Rbac, namespaces and cluster roles
- Introduction to istio
- Securing application communication with istio
The slides can be found here
This is the Kubernetes security workshop, we have three ways to run this workshop depending on the setup you have. You can run it on the cloud in Azure, locally via Minikube or on a low resource machine in Play with Kubernetes.
There are four methods to set up this workshop either to use in the classroom or after the workshop at your own pace. They are as follows
Azure
Minikube
Play with Kubernetes
Then familarise yourself with the application that we are going to deploy
All the code lives here
This module walks through the Kubernetes components and gives us a solid foundation for the rest of the workshop.
To run through the lab start here
In this module we are going to look at securing all the kubernetes components with tls
To run through the lab start here
In this module we will look at how to secure a Kubernetes deployment using our web application with pod security context.
To run through the lab start here
In this module we will take the application we deployed in pervious module but this time create a namespace and limit
the application to only have access to any resource in that namespace using service accounts, roles and role bindings.
To run through the lab start here
In this module we will look at what makes up istio
To run through the lab start here
In this module we will look at how to configure engress with istio
To run through the lab start here
If you are giving this workshop there are some instructor notes here