Introduction to Kubernetes

Abstract

Workshop Time - 09:00 am - 01:00 am (SGT)

Are you ready to be the Ship’s Captain and sailing through the realm of Kubernetes? Kubernetes, also known as K8s is an open-source tool that is widely used by organisations for automating deployment, scaling and management of containerised applications.

This course will guide you through an exciting journey of getting to know the fundamentals of K8s. Participants who have no prior knowledge in K8s or containerisation technology are most welcome as we will be teaching you some of the basic and core concepts of a K8s cluster such as pod deployment, cluster networking and Role-Based Access Control (RBAC). Besides, the security element of each concept will also be presented during the workshop.

These concepts serve as a good starting point for someone who is new to this domain and would want to go deeper into this area. We will also navigate you through various hands-on sessions, that allows you to use tools we normally use when dealing with K8s. You will also be able to learn to identify security misconfiguration that could happen within a K8s cluster and follow the best practices to secure a K8s environment.

By the end of this workshop, you will have a better understanding of what K8s is, how K8s operates and the core components that are supporting K8s. You will also learn how to use CLI tools, such as kubectl to interact with a k8s cluster. Last but not least, you will also learn some of the basic security concepts that are critical in securing a K8s cluster.


This workshop is composed of the following topics:

  • Introduction to K8s

    • Brief overview of the history of K8s and how it is being used in modern DevOps environment
  • Components in K8s

    • Overview (Master Node & Worker Node)
    • Namespace
    • API Server
    • ETCD
    • Kube Scheduler
    • Controller Manager
    • Kubelet
    • Kube Proxy
    • Container Runtime
  • CLI Tool: kubectl

    • Briefly go through and show example usage of kubectl
    • Some exercises for the participants to get familiar with kubectl
    • Walk through the exercises
  • Pod deployment

    • Can be simple as “kubectl -f apply pod.yaml”
    • Deployment
    • DaemonSet
    • StatefulSet
    • Exercises for participants to experience pod deployment and understand vulnerabilities that could exist in pod / container
    • Walk through the exercises
  • Cluster Networking

    • Intra-Pod communication
    • Inter-Pod communication
    • Pod-to-Worker-Node communication
    • Cluster-External communication
    • Exercises for participants to visualise cluster networking
      • Show K8s comes with flat network by default
      • Access control (Ingress)
    • Walk through the exercises
  • Role-based Access Control (RBAC)

    • Role
    • Cluster
    • RoleBinding
    • ClusterRoleBinding
    • Exercises for participants to create K8s object and experience the implementation of RBAC
      • create a Service Account for a namespace
      • create a Role
      • create a RoleBinding
      • verify if RBAC works as intended
    • Walk through the exercises
  • Open-Source educational kit - “Kubernetes-goat” will be used for the hands-on part of this workshop

  • Cluster environment will be set up in an automated manner as an installation script will be shared with the participants one week in advance

  • Link to the github repo: https://github.com/madhuakula/kubernetes-goat


Register for this workshop

Speakers Information


Koh William

William is a Security Consultant from WithSecure Singapore, specialized in penetration testing, Kubernetes and Container security and is certified as OSCP and CKA.He has experience in supporting and leading multiple offensive security engagements across application, network and cloud security. During his free time, William likes exploring new technologies by setting up his own test environment for technical deep dives. He also likes to attend conferences and courses that help him keeping his knowledge up-to-date with the ever-evolving technology and security domains.


Sven Schleier

Sven is the Technical Director of WithSecure Singapore and became specialised in Application Security and has supported and guided software development projects for Mobile and Web Applications during the whole SDLC. Besides his day job Sven is one of the core project leaders and authors of the OWASP Mobile Security Testing Guide and OWASP Mobile Application Security Verification Standard. Sven is giving talks and workshops about Mobile Security worldwide to different audiences, ranging from developers to students and penetration testers.





View Full Schedule

Subscribe to Our Mailing List

Join our community mailing list for updated on conference annoucements, important dates and discussions.