Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/scotty-c/kubernetes-security-workshop

Kubernertes security workshop
https://github.com/scotty-c/kubernetes-security-workshop

Last synced: 28 days ago
JSON representation

Kubernertes security workshop

Host: GitHub
URL: https://github.com/scotty-c/kubernetes-security-workshop
Owner: scotty-c
Created: 2018-11-11T21:17:02.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2019-05-02T21:26:32.000Z (about 5 years ago)
Last Synced: 2024-02-15T11:34:31.429Z (4 months ago)
Language: Shell
Size: 3.59 MB
Stars: 64
Watchers: 6
Forks: 63
Open Issues: 0
Metadata Files:
- Readme: README.md

Lists

awesome-k8s-security - Kubernetes Security Workshop

README

        # kubernetes-security-workshop

# Table of contents

1. [Introduction](#introduction)

2. [Setup](#setup)

    1. [Azure](setup/azure.md)

    2. [Minikube](setup/minikube.md)

    3. [Play with Kubernetes](setup/play-with-k8s.md)

3. [Kubernetes architecture overview ](#overview)

4. [Securing Kubernetes components ](#components)

5. [Securing our pods](#pods)

6. [Rbac, namespaces and cluster roles](#roles)

7. [Introduction to istio](#istio)

8. [Securing application communication with istio](#secistio)

The slides can be found [here](slides/securing-kubernetes-dockercon.pdf)

## Introduction 

This is the Kubernetes security workshop, we have three ways to run this workshop depending on the setup you have. You can run it on the cloud in Azure, locally via Minikube or on a low resource machine in Play with Kubernetes. 

## Setup 

There are four methods to set up this workshop either to use in the classroom or after the workshop at your own pace. They are as follows  

[Azure](setup/azure.md)  

[Minikube](setup/minikube.md)  

[Play with Kubernetes](setup/play-with-k8s.md)

Then familarise yourself with the application that we are going to [deploy](code/webapp/Dockerfile)  

All the code lives [here](code/webapp)

## Kubernetes architecture overview 

This module walks through the Kubernetes components and gives us a solid foundation for the rest of the workshop.    

To run through the lab start [here](kubernetes-architecture/architecture.md)

## Securing Kubernetes components 

In this module we are going to look at securing all the kubernetes components with tls  

To run through the lab start [here](securing-kubernetes-components/securing.md)

## Securing our pods 

In this module we will look at how to secure a Kubernetes deployment using our web application with pod security context.  

To run through the lab start [here](securing-our-pods/securing.md)

## Rbac, namespaces and cluster roles 

In this module we will take the application we deployed in pervious module but this time create a namespace and limit  

the application to only have access to any resource in that namespace using service accounts, roles and role bindings.  

To run through the lab start [here](rbac-namespaces-clusterroles/namespaces.md)

## Introduction to istio 

In this module we will look at what makes up istio   

To run through the lab start [here](introduction-into-istio/intro.md)

## Securing application communication with istio 

In this module we will look at how to configure engress with istio  

To run through the lab start [here](securing-application-communication-with-istio/istio.md)

### Instructors

If you are giving this workshop there are some instructor notes [here](instructor-notes/notes.md)