DevSecOps Advanced Course


24 hours
Overview

The DevSecOps Advanced course covers the security of containerized application infrastructure, including best practices for securing the network and the applications.

Target Audience
  • People familiar with containerized applications and container orchestration technologies who want to improve the security of their environment
  • DevOps engineers
  • Linux system administrators
  • Systems design engineers
  • Architects
Prerequisites
  • Command of basic container concepts
  • Strong command of Kubernetes terminology and the fundamentals of Kubernetes cluster operation
Materials
English/Portuguese/Hands-on Lab
Course Content

Introduction to Cloud Security

  1. The 4C’s of Cloud Native Security
  2. STRIDE Threat Model
  3. Node Security
  4. Container Security

Cert Manager

  1. What Cert Manager is
  2. Cert-manager overview
  3. Cert-manager concepts
  4. Installing cert-manager
  5. Cert-manager walkthrough
  6. Hands-on Lab: Cert Manager

RBAC Revisited. External Auth Sources

  1. RBAC Revisited
  2. Role and ClusterRole
  3. RoleBinding and ClusterRoleBinding
  4. OpenID Connect
  5. OIDC Implicit flow
  6. OIDC Authentication flow
  7. JWT Tokens
  8. Keycloak – K8s integration
  9. Hands-on Lab: RBAC Revisited

K8s-Network Policy

  1. Why use network policies
  2. What is MetalLB and how it works
  3. Configuring Layer2 and Layer3 MetalLB
  4. Additional MetalLB configuration samples
  5. Hands-on Lab: Network Policies

K8s-Securing container images

  1. Tools for securing your container images
  2. OCI Annotations
  3. Managing the security of K8s container workloads
  4. Vulnerability Scanning Tools (Aqua MicroScanner, Anchore)
  5. Security Context
  6. Image Security Best Practices
  7. Hands-on Lab: Image Security

Istio – Introduction

  1. What is a service mesh
  2. What is Istio
  3. Istio architecture and components
  4. Setting up Istio
  5. Hands-on Lab: Istio – Introduction

Istio – Advanced Routing

  1. Why route traffic?
  2. Traffic shifting
  3. Request routing
  4. External Resources
  5. Hands-on Lab: Istio – Traffic routing

Istio – Fault Injection

  1. Controlling Ingress traffic
  2. Fault injection
  3. Circuit breaking
  4. Traffic mirroring
  5. Hands-on Lab: Istio – Fault injection

Istio – mTLS

  1. Securing pod communication with Istio
  2. mTLS
  3. Authorization policies
  4. Policy target
  5. Authenticated and unauthenticated identity
  6. Hands-on Lab: Istio – mTLS and Authorization

Istio – Observability

  1. Viewing the mesh with Kiali
  2. Kiali features
  3. Generating a service graph
  4. Tracing Calls with Jaeger
  5. Observability (Metrics, Distributed Tracers, Access Logs)
  6. Hands-on Lab: Istio – Observability

Pod Security Policies

  1. Enabling Pod Security Policies
  2. Policy Reference
  3. Hands-on Lab: Pod Security Policies

Open Policy Agent

  1. How OPA works
  2. OPA and Kubernetes
  3. Integrating OPA with K8s
  4. Hands-on Lab: OPA Gatekeeper

Secret Management. Hashicorp Vault

  1. Secrets – the theory behind
  2. Protecting Secrets
  3. Risks
  4. Hashicorp Vault
  5. Running Vault on K8s
  6. Integrating Vault with K8s
  7. Hands-on Lab: Secret Management