LI560: Kubernetes Security

Agenda:

• Cluster security
  • Kubernetes architecture
  • Threat model & attack vectors
  • ControlPlane hardening & admission controller
  • RBAC & ServiceAccounts
  • Pod security admission
  • CIS benchmark
  • Workload node security
    
    
• Network & container security (cluster & container level)
  • CNI & network overview
  • Container hardening & image security
  • Policy engines
  • ServiceMesh
    
    
• Runtime & monitoring (container & cluster level)
  • Shift-left security
  • Runtime security basics (seccomp, AppArmor, capabilities)
  • Falco: syscall-based monitoring (Syscall Monitoring)
  • Kubernetes Audit Logging
  • Incident response & forensics (hands-on lab)
    
    
• Supply chain & compliance (code level & integration)
  • Container scanning & Software Bill of Materials (SBOM)
  • Image signatures & verification
  • Compliance & automation

Objectives:

• Build security understanding: Participants understand threat models, attack vectors and the security-relevant architecture of Kubernetes.
• Apply best practices: They learn how to harden Control Plane, workloads and networks – from RBAC via Pod Security to container and runtime security measures.
• Ensure compliance: The course teaches methods to implement regulatory requirements (e.g. CIS Benchmarks, Audit Logging, SBOM, signatures) in Kubernetes environments.
• Practice through hands-on labs: Participants practice real attack scenarios, defense measures and incident response to apply security in practice.
• Develop holistic view: They gain the ability to consider Kubernetes security along the entire supply chain – from code to operations in the cluster.

Target audience:

• DevOps/Platform Engineers
• Administrators
• Security and Compliance Specialists
• Developers
• Penetration Testers
• Red Teams

Prerequisites:

To be able to follow the course content and learning pace of the workshop LI560 Kubernetes Security effectively, solid Linux and Kubernetes knowledge is mandatory.

We recommend attending the following courses beforehand:

• LI500 Container Fundamentals
• LI510 Kubernetes Basics
• LI530 Kubernetes Advanced

Description:

In this hands-on training, participants learn how Kubernetes clusters and containerized workloads can be comprehensively secured – from architecture through network and runtime security to supply chain aspects and compliance. Beyond theoretical foundation, the focus lies on practical hands-on labs and concrete best practices for secure operation of Kubernetes in enterprises.

The training LI560 Kubernetes Security targets professionals who securely operate, manage or audit Kubernetes –
including DevOps/Platform Engineers, administrators, security and compliance specialists as well as developers. Penetration testers and red teams also benefit by learning to understand and test Kubernetes environments from an attacker perspective.

Thus participants gain the knowledge and tools to build Kubernetes environments resilient, compliant and future-proof – hands-on, verifiable and directly applicable in daily work.