From the course: Certified Kubernetes Security Specialist (CKS) Cert Prep
Join today to access over 24,900 courses taught by industry experts.
Enforcing network encryption - Kubernetes Tutorial
From the course: Certified Kubernetes Security Specialist (CKS) Cert Prep
Enforcing network encryption
- Scenario number eight is about driving that encrypted traffic between pods into our cluster. We want to be able to provide a level of security that's automated that allows us to be able to ensure that the traffic that goes between pods from nodes is going to be encrypted, and we're going to use Cilium to make this happen. So Cilium has a mechanism that allows us to be able to do that pod to pod encryption, using things like WireGuard. And it used to be very difficult to configure, but this makes it a lot easier. But in addition, we also want to be able to test it and we've got to verify that all the traffic is being encrypted, and we want to be able to analyze that traffic with some tools like TCP dump so that we can see that it is working. So we'll go ahead and pause it here, give it a try, get it configured and then come back and we'll go through the answer. And the key to be able to complete this scenario is that we're going to use Cilium to be able to make the hard stuff easy…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
(Locked)
Module 3: Cluster hardening introduction37s
-
(Locked)
Learning objectives33s
-
(Locked)
Kubernetes API fundamentals6m 31s
-
(Locked)
Kubernetes access control10m 44s
-
(Locked)
API server configuration11m 38s
-
(Locked)
API server hardening13m 6s
-
(Locked)
Verify access control policies13m 37s
-
(Locked)
-
-
(Locked)
Module 6: Software supply chain security introduction40s
-
(Locked)
Learning objectives35s
-
(Locked)
Software supply chain risks9m 25s
-
(Locked)
Protect image registry access5m 36s
-
(Locked)
Require signed images14m 22s
-
(Locked)
Policy enforcement: Image policy webhook21m 28s
-
(Locked)
Policy enforcement: Validating admission policy8m 55s
-
(Locked)
-
-
(Locked)
Learning objectives47s
-
(Locked)
Understanding syscall behavioral analysis12m 28s
-
(Locked)
Using Falco for threat detection7m 14s
-
(Locked)
Falco host installation14m
-
(Locked)
Falco Kubernetes installation13m 51s
-
(Locked)
Falco configuration and rules7m 42s
-
(Locked)
Falco custom rules in action19m 17s
-
(Locked)
-
-
(Locked)
Module 8: Exam practice scenarios introduction42s
-
(Locked)
Learning objectives52s
-
(Locked)
Securing Kubernetes API access12m 37s
-
(Locked)
Implementing pod security standards (PSS)11m 43s
-
(Locked)
Enforcing network policies for pod communication12m 27s
-
(Locked)
Restricting image registries11m 7s
-
(Locked)
Configuring secret encryption12m 32s
-
(Locked)