This Kubernetes Security Specialist course offers foundational knowledge through concepts and hands-on demonstrations of securing a Kubernetes cluster and its applications. Emphasizing practical skills, it requires a running Kubernetes cluster for participation.
Recommended experience
What you'll learn
Verify a Kubernetes release after downloading it.
Analyze roles and role bindings for a user.
Construct a Kubernetes cluster using an outdated version.
Skills you'll gain
Details to know
Add to your LinkedIn profile
September 2024
10 assignments
See how employees at top companies are mastering in-demand skills
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV
Share it on social media and in your performance review
There are 25 modules in this course
In this module, we will guide you through the steps to become a Certified Kubernetes Security Specialist (CKS). You'll learn about the certification process, the requirements, and the best resources to help you succeed in your certification journey.
What's included
1 video1 reading
In this module, we will cover the creation of a Kubernetes cluster and delve into some common errors you might encounter. You'll learn how to set up your cluster and troubleshoot issues to maintain a stable and functional environment.
What's included
1 video
In this module, we will explore the use of Network Policies to restrict access at the cluster level. You'll learn about default deny policies, how to set up egress and ingress rules, and how to create policies for different namespaces.
What's included
4 videos1 assignment
In this module, we will focus on minimizing the use and access to GUI elements in Kubernetes. You'll learn how to install the Kubernetes Dashboard, understand the risks of insecure access, and implement RBAC to enhance security.
What's included
3 videos
In this module, we will guide you through the creation and securing of Ingress objects in Kubernetes. You'll learn how to set up Ingress and apply security controls to protect your cluster.
What's included
2 videos
In this module, we will discuss how to access and protect node metadata in a Kubernetes cluster. You'll learn about the security implications and how to use Network Policy to safeguard node endpoints.
What's included
2 videos1 assignment
In this module, we will explore the CIS benchmark for Kubernetes security and how to use kube-bench to review and improve your cluster's security configuration.
What's included
1 video
In this module, we will cover the importance of verifying platform binaries before deployment. You'll learn how to delete custom networks and verify the apiserver binary to ensure your cluster's security.
What's included
2 videos
In this module, we will focus on RBAC for cluster hardening. You'll learn about roles, rolebindings, and how to manage accounts and Certificate Signing Requests to enhance security.
What's included
5 videos1 assignment
In this module, we will discuss the cautious use of Service Accounts in Kubernetes. You'll learn about custom Service Accounts, disabling their mounting, and limiting their permissions with RBAC.
What's included
4 videos
In this module, we will explore methods to restrict API access for cluster hardening. You'll learn about enabling/disabling anonymous access, performing secure API requests, and using Node Restriction Admission Controller.
What's included
4 videos
In this module, we will cover the upgrade process for Kubernetes clusters. You'll learn how to verify Node Restriction, create clusters with older versions, and upgrade to ensure your cluster remains secure and up-to-date.
What's included
4 videos1 assignment
In this module, we will focus on managing Kubernetes secrets and understanding their vulnerabilities. You'll learn how to create secrets, hack them to understand their weaknesses and implement ETCD encryption for protection.
What's included
5 videos
In this module, we will explore the use of container runtime sandboxes in a multi-tenant environment. You'll learn about calling the Linux kernel, the OCI, and how to use Crictl and create Runtime Classes.
What's included
4 videos
In this module, we will delve into OS-level security domains for microservices. You'll learn how to set container users and groups, enforce non-root policies, manage privileged containers, and create Pod Security Policy.
What's included
5 videos1 assignment
In this module, we will cover mTLS and its implementation. You'll learn the basics of mTLS and how to create a sidecar proxy to secure communications.
What's included
2 videos
In this module, we will explore the Open Policy Agent (OPA) and its use in Kubernetes security. You'll learn about installing an OPA gatekeeper, enforcing policies, and implementing Deny All policies and namespace label enforcement.
What's included
4 videos
In this module, we will focus on supply chain security by reducing image footprint. You'll learn how to use multi-stage builds and secure and harden container images.
What's included
2 videos1 assignment
In this module, we will explore static analysis for supply chain security. You'll learn about using Kubesec, performing static analysis with Docker images, and utilizing OPA Conftest.
What's included
4 videos
In this module, we will cover image vulnerability scanning using Trivy. You'll learn how to scan container images to identify and mitigate vulnerabilities.
What's included
1 video
In this module, we will focus on securing the supply chain in Kubernetes. You'll learn about image digests and how to whitelist registries using OPA to enhance security.
What's included
2 videos1 assignment
In this module, we will explore behavioral analytics at the host and container levels. You'll learn how to use Strace, access /proc, and environment variables, and implement Falco for threat detection and monitoring.
What's included
7 videos
In this module, we will discuss the immutability of containers at runtime. You'll learn about the concept of immutability, how to implement Startup Probe, and use Security Context to render containers immutable.
What's included
3 videos1 assignment
In this module, we will cover auditing for runtime security in Kubernetes. You'll learn about the importance of auditing, how to implement audit policies, enable audit logging, and check logs for compliance.
What's included
4 videos
In this module, we will focus on system hardening through kernel hardening techniques. You'll learn how to implement AppArmor and Seccomp profiles for various Kubernetes components to enhance overall security.
What's included
7 videos2 assignments
Instructor
Offered by
Recommended if you're interested in Security
Why people choose Coursera for their career
New to Security? Start here.
Open new doors with Coursera Plus
Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription
Advance your career with an online degree
Earn a degree from world-class universities - 100% online
Join over 3,400 global companies that choose Coursera for Business
Upskill your employees to excel in the digital economy
Frequently asked questions
Yes, you can preview the first video and view the syllabus before you enroll. You must purchase the course to access content not included in the preview.
If you decide to enroll in the course before the session start date, you will have access to all of the lecture videos and readings for the course. You’ll be able to submit assignments once the session starts.
Once you enroll and your session begins, you will have access to all videos and other resources, including reading items and the course discussion forum. You’ll be able to view and submit practice assessments, and complete required graded assignments to earn a grade and a Course Certificate.