Cloud Security: from Docker to Kubernetes
Open Source Systems and Applications
08.09.2022
9:00 – 17:00
BFH - Berner Fachhochschule
Max. participants: 20
Introduction
Security is hard, everybody knows! It is one of the hardest principles to learn and to align with, especially when introducing it into an existing architecture, and especially in the cloud!
But by respecting best practices, leveraging the right tools and reaching a good level of automation, security becomes our most powerful and reliable fellow.
Join me on a journey into security. We will learn the basics, deploy some examples on Kubernetes and protect our applications from the most common threats out there.
Let's stop looking at security as restrictive and blocking, because even an amazing supercar cannot run at 400 km/h without good brakes 😉
Program
Introduction to main cloud security areas and concepts:
- Container
- Kubernetes
- Cloud
- Auditing
Hands-on lab:
- Spin up a Kubernetes cluster
- Set up Kubernetes authentication
- Configure RBAC
- Try some useful RBAC-related tools
- Build a security compliant container image
- Scan a container image
- Configure Kubernetes Pod Security Context
- Configure Kubernetes Pod Security Standards and Admission
- Configure Kubernetes Network Policies
- Deploy and test Falco
Course objectives
Learn the basics of cloud security in the Dockerfile
- Base container image
- Container image digest
- Run as root
- Vulnerability scanning
Learn the basics of cloud security in Kubernetes
- Authentication
- RBAC
- Security Context
- Pod Security Policies (deprecated since Kubernetes 1.21 and removed in 1.25; covered for legacy clusters, superseded by Pod Security Admission)
- Pod Security Standards
- Pod Security Admission
- Network Policies
Learn the basics of auditing
- Special focus on Sysdig Falco
Learn useful tools
- RBAC-manager
- RBAC-lookup
- Polaris
Learn about further helpful tools
- Rakkess
- Starboard
- Popeye
- Kyverno
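The manifest below is an added illustration of what several of the lab steps and course objectives above look like in practice; it is not part of the course material. It puts a namespace under the "restricted" Pod Security Standard via Pod Security Admission, deploys a pod whose securityContext satisfies that profile and pins its image by digest, applies a default-deny Network Policy that only allows DNS egress, and binds a read-only RBAC Role to a ServiceAccount. The namespace `demo`, the pod `app`, the ServiceAccount `demo-reader`, the image reference and its all-zero digest are placeholders chosen for this example.

```yaml
# Added example, not course material. All names and the image digest are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: demo
  labels:
    # Pod Security Admission: reject pods violating the restricted profile,
    # and also warn the client and record an audit annotation.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: demo
spec:
  securityContext:
    runAsNonRoot: true          # required by the restricted profile
    runAsUser: 10001
    runAsGroup: 10001
    seccompProfile:
      type: RuntimeDefault      # required by the restricted profile
  containers:
    - name: app
      # Pin by digest, not by a mutable tag. The zero digest is a placeholder;
      # take the real value from `docker buildx imagetools inspect <image>`.
      image: registry.example.com/demo/app@sha256:0000000000000000000000000000000000000000000000000000000000000000
      ports:
        - containerPort: 8080
      securityContext:
        allowPrivilegeEscalation: false   # required by the restricted profile
        readOnlyRootFilesystem: true      # not required, but good practice
        capabilities:
          drop: ["ALL"]                   # required by the restricted profile
      volumeMounts:
        - name: tmp
          mountPath: /tmp                 # writable scratch space on a read-only rootfs
  volumes:
    - name: tmp
      emptyDir: {}
---
# Default deny for ingress and egress in the namespace; only DNS to kube-system is allowed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: demo
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: demo-reader
  namespace: demo
---
# Least privilege: this Role can only read pods in its own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: demo
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: demo-reader-pod-reader
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: demo-reader
    namespace: demo
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

Apply it with `kubectl apply -f demo.yaml`, then check the RBAC part with `kubectl auth can-i list pods -n demo --as=system:serviceaccount:demo:demo-reader` (yes) and `kubectl auth can-i delete pods -n demo --as=system:serviceaccount:demo:demo-reader` (no). Creating a pod in `demo` with `privileged: true`, or without `runAsNonRoot`, is rejected by the admission controller, which is the check the "Pod Security Standards and Admission" lab step exercises. Falco, used in the auditing part, is installed separately, typically with the project's Helm chart (`helm repo add falcosecurity https://falcosecurity.github.io/charts`, then `helm install falco falcosecurity/falco`); opening a shell into the running pod with `kubectl exec` is an easy way to trigger one of its default rules.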
Target audience
- Every enthusiastic learner
- Everybody interested in cloud security
- Cloud Solution Experts/Engineers/Architects
- Kubernetes Engineers
- DevOps/Infrastructure Engineers
- DevOps/Infrastructure enthusiasts
Prerequisites
Required software, already installed locally:
- git (https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
- Docker (https://docs.docker.com/get-docker/)
- VirtualBox (https://www.virtualbox.org/wiki/Downloads)
- kubectl (https://kubernetes.io/docs/tasks/tools/)
- Helm (https://helm.sh/docs/intro/quickstart/#install-helm)
- Minikube (https://minikube.sigs.k8s.io/docs/start/)
- OpenSSL (https://www.openssl.org/source/)
Minikube alternatives:
- KinD
- K3s
- MicroK8s
- GCP
- AWS
- Azure
Infrastructure
Bring just a couple of things with you: your enthusiasm, your curiosity and your Linux or macOS laptop (Windows is not supported).
Speakers
Matteo Baiguini
I was born in Milan, where I studied Computer Science at the University of Milano-Bicocca and started working with Java in the eCommerce field some years ago. I moved to Zurich in 2015, still working on eCommerce but taking steps toward cloud-native architectures. I worked for a couple of years as a freelance cloud expert with different customers on innovative cloud-native, event-driven projects, both greenfield and enterprise. Currently I work at a startup named Swissblock Technologies as Head of DevOps and Security, responsible for infrastructure and security but also for development based on agile and DevOps principles.