stackrox / Kubernetes_security_specialist_study_guide

Licence: mit

Certified Kubernetes Security Specialist Study Guide

CKS Overview

The CKS is the third Kubernetes-based certification backed by the Cloud Native Computing Foundation (CNCF). CKS joins the existing Certified Kubernetes Administrator (CKA) and Certified Kubernetes Application Developer (CKAD) programs. All three certifications are online, proctored, performance-based exams that require solving multiple Kubernetes tasks from the command line; for the CKS, those tasks are security-focused. With the massive investment into Kubernetes over the last five years, these certifications continue to be highly sought after by those seeking technical knowledge about Kubernetes.

This repository contains resources to build a Kubernetes cluster, and example questions and answers based on the Certified Kubernetes Security Specialist (CKS) exam curriculum.

Repository Structure

study_guide/
└ cluster_setup/
  └ Makefile
  └ gcp   -> Create a 1.19 cluster in GCP with RKE.
  └ aws   (coming soon)
  └ azure (coming soon)
└ img/
  └ all_images_used
└ walkthrough/
  └ p0_intro/
  └ p1_cluster_setup/
  └ p2_cluster_hardening/
  └ p3_system_hardening/
  └ p4_minimizing_vulnerabilities/
  └ p5_supply_chain_security/
  └ p6_monitoring_logging_runtime_security/
└ LICENSE
└ README.md

Outline

The CKS test is online, proctored and performance-based, and candidates have 2 hours to complete the exam tasks. This information is currently based on the Linux Foundation's release of the CKS outline.

According to the CKS Exam Curriculum repository, the exam tests the following domains and competencies:

Exam News and Overview

-> CNCF CKS Overview

KubeCon Announcement and Preparation Tips

-> KubeCon Announcement and Linux Foundation Update

Curriculum

Below is the CKS curriculum broken down by its six sections. Each section has its own folder in the repository, where you can walk through individual questions relating to the respective topic. Each section in the curriculum overview also contains external resources that you may find useful while studying.

Cluster Setup - 10%

Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
Verify platform binaries before deploying
Protect node metadata and endpoints
Use Network security policies to restrict cluster level access
Properly set up Ingress objects with security control
Minimize use of, and access to, GUI elements

Cluster Hardening - 15%

Restrict access to Kubernetes API
Use Role Based Access Controls to minimize exposure
Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones

System Hardening - 15%

Minimize host OS footprint (reduce attack surface)
Minimize IAM roles
Minimize external access to the network
Appropriately use kernel hardening tools such as AppArmor, seccomp

Minimize Microservice Vulnerabilities - 20%

Set up appropriate OS-level security domains, e.g. using PSP, OPA, security contexts
Manage Kubernetes secrets
Use container runtime sandboxes in multi-tenant environments (e.g. gVisor, Kata Containers)
Implement pod-to-pod encryption by use of mTLS

Supply Chain Security - 20%

Minimize base image footprint
Secure your supply chain: whitelist allowed image registries, sign and validate images
Use static analysis of user workloads (e.g. Kubernetes resources, Dockerfiles)
Scan images for known vulnerabilities

Monitoring, Logging and Runtime Security - 20%

Perform behavioral analytics of syscall, process and file activities at the host and container level to detect malicious activities
Detect threats within physical infrastructure, apps, networks, data, users and workloads
Detect all phases of an attack regardless of where it occurs and how it spreads
Perform deep analytical investigation and identification of bad actors within the environment
Ensure immutability of containers at runtime
Use Audit Logs to monitor access

Extra Resources
