DevSecOps Advanced - 2 Days

Course Description:

DevSecOps Advanced training covers the security of containerized application infrastructures, including recommended best practices for securing the network and the applications.

In this course you will learn how to control the flow of traffic and API calls between services, conduct a range of tests, automatically secure your services through managed authentication, authorization and encryption of communication between services, apply policies and ensure that they're enforced, and observe everything with rich automatic tracing, monitoring and logging of all your services.

What will you learn:

After completing this course, students will have a firm understanding of how to improve the security of their containerized application infrastructure.

Target audience:

  • people familiar with containerized applications and container orchestration technologies, wishing to improve the security of their environment
  • DevOps engineers
  • Linux system administrators
  • Systems design engineers
  • Architects

Prerequisites:

  • strong grasp of container basics (recommended training: Docker Basic)
  • strong grasp of Kubernetes terminology and Kubernetes cluster operation fundamentals (recommended training: Kubernetes Basic)

Recommended:

  • working knowledge of the following Kubernetes topics: Role-Based Access Control (RBAC), resource control, logging and monitoring (recommended training: Kubernetes Advanced)

Curriculum: 

Module 01: Cert Manager 

  • What Cert Manager is
  • cert-manager overview
  • cert-manager concepts
  • Installing cert-manager
  • cert-manager walkthrough

Hands-on Lab: Cert Manager

Module 02: K8s-Network Policy

  • Why use network policies
  • What is MetalLB and how it works
  • Configuring Layer2 and Layer3 MetalLB
  • Additional MetalLB configuration samples

Hands-on Lab: Network Policies

Module 03: Istio - Introduction 

  • What is a service mesh
  • What is Istio
  • Istio architecture and components
  • Setting up Istio

Hands-on Lab: Istio - Introduction

Module 04: Istio – Advanced Routing 

  • Why route traffic?
  • Traffic shifting
  • Request routing
  • External Resources

Hands-on Lab: Istio – Traffic routing

Module 05: Istio – Fault Injection

  • Controlling Ingress traffic
  • Fault injection
  • Circuit breaking
  • Traffic mirroring

Hands-on Lab: Istio – Fault injection

Module 06: Istio – mTLS

  • Securing pod communication with Istio
  • mTLS
  • Authorization policies
  • Policy target
  • Authenticated and unauthenticated identity

Hands-on Lab: Istio – mTLS and Authorization

Module 07: Istio - Observability 

  • Viewing the mesh with Kiali
  • Kiali features
  • Generating a service graph
  • Tracing Calls with Jaeger
  • Observability (Metrics, Distributed Tracers, Access Logs)

Hands-on Lab: Istio - Observability

Module 08: Open Policy Agent 

  • How OPA works
  • OPA and Kubernetes
  • Integrating OPA with K8s
  • Rego Expressions

Hands-on Lab: OPA Gatekeeper

Additional details:

To attend this course, you need to have:

  • PC/Laptop with internet access
  • Updated web browser
