In the previous workshop episodes, you learned the basics of Docker & Kubernetes. This workshop takes things a notch higher by introducing you to the security aspects of the container world.
In this presentation, you will see live hacking demos, patterns & workflows, along with some insights & hands-on exercises on container security. This workshop aims to point you in the right direction regarding container security!
After covering the container security basics, we will correlate the container security aspects with Kubernetes and other elements of Kubernetes security. Lastly, we will touch on some open source tools that will help us harden the Kubernetes environment.
Timestamps
00:00 Intro music
1:34 workshop starts
5:33 Hacks happened in the past
7:29 Demo of an Attack
29:25 What is a container? (killercoda demo)
37:05 root inside a container
45:38 privileged container
52:07 Linux capabilities
1:05:12 Kubernetes Goat
1:12:02 Getting a reverse shell
1:23:00 hostPID & hostNetwork
1:25:40 trivy scan on ubuntu & nginx image
1:28:07 Scanning argocd images
1:33:10 distroless images
1:35:28 Analyze your container image with dive
1:41:25 Memory Limits for containers & fork bomb
1:45:10 Kubernetes Goat challenge (private registry)
1:50:00 Runtime security (falco)
1:55:12 Kubernetes Security
2:04:35 kubectl-fields plugin
2:06:55 Network Policies
2:14:30 kyverno (admission controller)
2:19:30 kubescape for static scanning
2:26:10 closing message
Speaker - Rewanth Tammana (@rewanthtammana)
►►►Resources ►►►
► Prerequisite - https://www.youtube.com/watch?v=PN3VqbZqmD8
► GitHub Repo - https://github.com/rewanthtammana/container-and-kubernetes-security-workshop
► Killercoda Playground - https://killercoda.com/playgrounds/scenario/ubuntu
►►►Connect with Kubesimplify ►►►
► Twitter - https://twitter.com/kubesimplify
► Discord - https://kubesimplify.com/discord
► Website - https://kubesimplify.com/
► GitHub - https://github.com/kubesimplify