├── .gitignore
├── LICENSE
├── README.md
├── hands-on
├── 00_Install_kubernetes
│ ├── EKS
│ │ └── README.md
│ ├── GKE
│ │ └── README.md
│ ├── Multipass
│ │ └── install_k8s_cluster_macos.sh
│ └── Vagrant
│ │ ├── .gitignore
│ │ ├── README.md
│ │ ├── Vagrantfile
│ │ ├── ansible.cfg
│ │ ├── hosts
│ │ ├── join
│ │ ├── main.yml
│ │ ├── roles
│ │ ├── general
│ │ │ ├── tasks
│ │ │ │ ├── 01-install.yml
│ │ │ │ ├── 02-config.yml
│ │ │ │ ├── 03-service.yml
│ │ │ │ └── main.yml
│ │ │ └── templates
│ │ │ │ ├── daemon.json.j2
│ │ │ │ └── kubernetes.conf.j2
│ │ ├── master
│ │ │ └── tasks
│ │ │ │ └── main.yml
│ │ └── worker
│ │ │ └── tasks
│ │ │ └── main.yml
│ │ └── vars
│ │ └── main.yml
├── 01_Cluster_Setup
│ ├── Kubernetes-ingress
│ │ ├── README.md
│ │ ├── examples
│ │ │ ├── demo-backend.yaml
│ │ │ ├── demo-basic-auth.yaml
│ │ │ └── demo-ingress.yaml
│ │ └── values.yaml
│ └── Kubernetes-network-policy
│ │ ├── 01-deny-all-traffic-to-an-application.md
│ │ ├── 02-limit-traffic-to-an-application.md
│ │ ├── 02a-allow-all-traffic-to-an-application.md
│ │ ├── 03-deny-all-non-whitelisted-traffic-in-the-namespace.md
│ │ ├── 04-deny-traffic-from-other-namespaces.md
│ │ ├── 05-allow-traffic-from-all-namespaces.md
│ │ ├── 06-allow-traffic-from-a-namespace.md
│ │ ├── 07-allow-traffic-from-some-pods-in-another-namespace.md
│ │ ├── 08-allow-external-traffic.md
│ │ ├── 09-allow-traffic-only-to-a-port.md
│ │ ├── 10-allowing-traffic-with-multiple-selectors.md
│ │ ├── 11-deny-egress-traffic-from-an-application.md
│ │ ├── 12-deny-all-non-whitelisted-traffic-from-the-namespace.md
│ │ ├── 14-deny-external-egress-traffic.md
│ │ ├── README.md
│ │ └── img
│ │ ├── 1.gif
│ │ ├── 2.gif
│ │ ├── 3.gif
│ │ ├── 4.gif
│ │ ├── 5.gif
│ │ ├── 6.gif
│ │ ├── 8.gif
│ │ └── 9.gif
├── 06_Monitoring_Logging_and_Runtime_Security
│ └── Sysdig.md
└── books
│ ├── CIS_Kubernetes_V1_20_Benchmark_v1_0_0_PDF.pdf
│ ├── Kubernetes Security - Operating Kubernetes Clusters and Applications Safely.pdf
│ ├── Kubernetes-Runtime-Security-with-Falco-and-Sysdig.pdf
│ ├── Rice_Container-Security-Fundamental-Technology-Concepts-that-Protect-Containerized-Applications_RuLit_Me_669558.pdf
│ ├── Zero Trust with cert-manager, Istio and Kubernetes.pdf
│ ├── docker-security.pdf
│ ├── oreilly-practical-cloud-native-security-with-falco.pdf
│ └── us-19-Edwards-Compendium-Of-Container-Escapes-up.pdf
└── kubernetes-security-specialist.png

/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/.gitignore
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/LICENSE
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/README.md
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/EKS/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/EKS/README.md
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/GKE/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/GKE/README.md
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Multipass/install_k8s_cluster_macos.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Multipass/install_k8s_cluster_macos.sh
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/.gitignore:
--------------------------------------------------------------------------------
1 | .vagrant
2 |
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/README.md
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/Vagrantfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/Vagrantfile
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/ansible.cfg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/ansible.cfg
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/hosts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/hosts
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/join:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/join
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/main.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/main.yml
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/roles/general/tasks/01-install.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/roles/general/tasks/01-install.yml
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/roles/general/tasks/02-config.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/roles/general/tasks/02-config.yml
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/roles/general/tasks/03-service.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/roles/general/tasks/03-service.yml
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/roles/general/tasks/main.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/roles/general/tasks/main.yml
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/roles/general/templates/daemon.json.j2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/roles/general/templates/daemon.json.j2
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/roles/general/templates/kubernetes.conf.j2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/roles/general/templates/kubernetes.conf.j2
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/roles/master/tasks/main.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/roles/master/tasks/main.yml
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/roles/worker/tasks/main.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/00_Install_kubernetes/Vagrant/roles/worker/tasks/main.yml
--------------------------------------------------------------------------------
/hands-on/00_Install_kubernetes/Vagrant/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | k8s_version: "1.19.1"
3 | network: "flannel"
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-ingress/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-ingress/README.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-ingress/examples/demo-backend.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-ingress/examples/demo-backend.yaml
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-ingress/examples/demo-basic-auth.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-ingress/examples/demo-basic-auth.yaml
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-ingress/examples/demo-ingress.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-ingress/examples/demo-ingress.yaml
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-ingress/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-ingress/values.yaml
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/01-deny-all-traffic-to-an-application.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/01-deny-all-traffic-to-an-application.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/02-limit-traffic-to-an-application.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/02-limit-traffic-to-an-application.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/02a-allow-all-traffic-to-an-application.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/02a-allow-all-traffic-to-an-application.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/03-deny-all-non-whitelisted-traffic-in-the-namespace.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/03-deny-all-non-whitelisted-traffic-in-the-namespace.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/04-deny-traffic-from-other-namespaces.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/04-deny-traffic-from-other-namespaces.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/05-allow-traffic-from-all-namespaces.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/05-allow-traffic-from-all-namespaces.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/06-allow-traffic-from-a-namespace.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/06-allow-traffic-from-a-namespace.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/07-allow-traffic-from-some-pods-in-another-namespace.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/07-allow-traffic-from-some-pods-in-another-namespace.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/08-allow-external-traffic.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/08-allow-external-traffic.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/09-allow-traffic-only-to-a-port.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/09-allow-traffic-only-to-a-port.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/10-allowing-traffic-with-multiple-selectors.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/10-allowing-traffic-with-multiple-selectors.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/11-deny-egress-traffic-from-an-application.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/11-deny-egress-traffic-from-an-application.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/12-deny-all-non-whitelisted-traffic-from-the-namespace.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/12-deny-all-non-whitelisted-traffic-from-the-namespace.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/14-deny-external-egress-traffic.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/14-deny-external-egress-traffic.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/README.md
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/1.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/1.gif
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/2.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/2.gif
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/3.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/3.gif
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/4.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/4.gif
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/5.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/5.gif
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/6.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/6.gif
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/8.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/8.gif
--------------------------------------------------------------------------------
/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/9.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/01_Cluster_Setup/Kubernetes-network-policy/img/9.gif
--------------------------------------------------------------------------------
/hands-on/06_Monitoring_Logging_and_Runtime_Security/Sysdig.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/06_Monitoring_Logging_and_Runtime_Security/Sysdig.md
--------------------------------------------------------------------------------
/hands-on/books/CIS_Kubernetes_V1_20_Benchmark_v1_0_0_PDF.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/books/CIS_Kubernetes_V1_20_Benchmark_v1_0_0_PDF.pdf
--------------------------------------------------------------------------------
/hands-on/books/Kubernetes Security - Operating Kubernetes Clusters and Applications Safely.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/books/Kubernetes Security - Operating Kubernetes Clusters and Applications Safely.pdf
--------------------------------------------------------------------------------
/hands-on/books/Kubernetes-Runtime-Security-with-Falco-and-Sysdig.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/books/Kubernetes-Runtime-Security-with-Falco-and-Sysdig.pdf
--------------------------------------------------------------------------------
/hands-on/books/Rice_Container-Security-Fundamental-Technology-Concepts-that-Protect-Containerized-Applications_RuLit_Me_669558.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/books/Rice_Container-Security-Fundamental-Technology-Concepts-that-Protect-Containerized-Applications_RuLit_Me_669558.pdf
--------------------------------------------------------------------------------
/hands-on/books/Zero Trust with cert-manager, Istio and Kubernetes.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/books/Zero Trust with cert-manager, Istio and Kubernetes.pdf
--------------------------------------------------------------------------------
/hands-on/books/docker-security.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/books/docker-security.pdf
--------------------------------------------------------------------------------
/hands-on/books/oreilly-practical-cloud-native-security-with-falco.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/books/oreilly-practical-cloud-native-security-with-falco.pdf
--------------------------------------------------------------------------------
/hands-on/books/us-19-Edwards-Compendium-Of-Container-Escapes-up.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/hands-on/books/us-19-Edwards-Compendium-Of-Container-Escapes-up.pdf
--------------------------------------------------------------------------------
/kubernetes-security-specialist.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SebastianUA/Certified-Kubernetes-Security-Specialist/HEAD/kubernetes-security-specialist.png
--------------------------------------------------------------------------------