Kubernetes Security Best Practices you need to know | THE Guide for securing your K8s cluster!
Рет қаралды 176,487
Күн бұрынSecure your K8s cluster with this Top 10 Kubernetes Security Best Practices | Kubernetes Security 101
💙 Become a Kubernetes Administrator ► bit.ly/420TrA7
💚 Become a DevOps Engineer - full educational program ► bit.ly/3q7Ir6X
💛 Follow me on IG for behind-the-scenes-content ► bit.ly/2F3LXYJ
✅ Learn more about Kubernetes Backup and Restore with Kasten: • Kubernetes Backup and ...
#kubernetes #devops #techworldwithnana
► Thank you Kasten for sponsoring this video 🙌
► Free Kubernetes Backup and Migration - Download Free Kasten K10 #1 Kubernetes Backup: www.kasten.io/nana
In this video I talk about a super important topic, which is security in Kubernetes and what are some of the best practices for securing your Kubernetes cluster.
The big challenge that we see in terms of Kubernetes security is that it's already so challenging to set up a Kubernetes cluster and to configure it to deploy the applications in it, that security often becomes the afterthought, adding on top of that already complex configuration. However we can't deny the importance of security, especially when the systems are so complex!
Cloud applications actually become a very attractive target to a lot of hackers and this growing number of cloud native applications mostly use Kubernetes as a platform and that's where the relevance of knowing how to secure Kubernetes clusters comes into play.
▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬
Sign up to get notified about new upcoming courses ► www.techworld-with-nana.com/c...
▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬
0:00 - Intro
00:33 - Security in Cloud in general
01:39 - Security in Kubernetes
02:26 - Security as a Spectrum
04:39 - BP 1 - Image Scanning
09:45 - BP 2 - Run as Non-Root User
11:08 - BP 3 - Users & Permissions with RBAC
15:44 - BP 4 - Use Network Policies
18:18 - BP 5 - Encrypt Communication
19:06 - BP 6 - Secure Secret Data
20:34 - BP 7 - Secure etcd
22:05 - BP 8 - Automated Backup & Restore
24:54 - BP 9 - Configure Security Policies
26:50 - BP 10 - Disaster Recovery
▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬
Full Python course ► • Python Tutorial for Be...
Full Docker course ► • Docker Tutorial for Be...
Full K8s course ► • Kubernetes Tutorial fo...
DevOps Tools explained ► bit.ly/2W9UEq6
▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
INSTAGRAM ► bit.ly/2F3LXYJ
TWITTER ► bit.ly/3i54PUB
LINKEDIN ► bit.ly/3hWOLVT
FB group ► bit.ly/32UVSZP
DEV ► bit.ly/3h2fqiO
▬▬▬▬▬▬ Courses & Bootcamp & Ebooks 🚀 ▬▬▬▬▬▬
► Become a DevOps Engineer - full educational program 👉🏼 bit.ly/45mXaer
► High-Quality and Hands-On Courses 👉🏼 bit.ly/3BNS8Kv
► Kubernetes 101 - compact and easy-to-read ebook bundle 👉🏼 bit.ly/3Ozl28x
@TechWorldwithNana 2 жыл бұрын
Please share with others, which K8s security best practice is important, which I didn't mention? 💙 Become a Kubernetes Administrator ► bit.ly/420TrA7 💚 Become a DevOps Engineer - full educational program ► bit.ly/3q7Ir6X 💛 Follow me on IG for behind-the-scenes-content ► bit.ly/2F3LXYJ 💡 Sign up to get notified about new upcoming courses ► www.techworld-with-nana.com/course-roadmap
@ayushsitoke2456 Жыл бұрын
Awesome! 1. Do Image Scanning for vulnerability 2. Avoid root user for running container 3. Manage User & Permission - RBAC 4. Use Network policies or service mesh 5. Encrypt Communication 6. Secure secret data 7. Secure etcd 8. Backup & Restore 9. Configure security policies 10. Disaster Recovery
@aliandy.jf.nababan Жыл бұрын
You're right, Nana is very good presenting concept basis for developer knowledge, especially when presenting strength weakness opportunity threat (SWOT) analisis kind of comparison of different DevOps tools👍
@dattavr Жыл бұрын
So basically, protection at 3 layers, 1. Network 2. Application 3. Data All above 10 points are in these category
@dsha256 2 жыл бұрын
Nana, your explanation skills are just great, as usual! 🙏❤️
@TechWorldwithNana 2 жыл бұрын
Thanks so much David! 💙
@kameh4522 2 жыл бұрын
These security best practices are at root based on several infosec standards such as iso27001, and you have applied these for K8s beautifully.
@jennyfreckleface Жыл бұрын
Best cloud and K8S security content. Bravo. Thank you for sharing.
@BDubzDM21 Жыл бұрын
I learned more from this 30 Minute video than I did the entire Linux Foundation Kubernetes Security Essentials course. Thanks!
@bengalivoyages Жыл бұрын
The more I watch your youtube videos, more it clarify basics of each K8s components!!! you are the best...!
@adityashashankaneti940 2 жыл бұрын
The word "best teacher" is too not enough to describe you. Thank you 🙏🙏🙏
@TechWorldwithNana 2 жыл бұрын
Thanks so much 💙
@rajrathor6505 Жыл бұрын
Nana, I love the way you explain each and every point. You are the best Teacher in the world. Thanks and appreciate all your hard work.
@kiannec2890 2 жыл бұрын
Very helpful and made my day since I’ve been figuring out how to do this and I learned it so quick as I clicked into this video,thanks girl
@TechWorldwithNana 2 жыл бұрын
Glad it was helpful Kianne! :)
@narasimhachinimilly 2 жыл бұрын
Really awesome, appreciate how you organized the content. Happy to learn good things.😀
@princeugly3457 2 жыл бұрын
Thank you Nana, your content always great and easy to understand.
@testquality1900 2 жыл бұрын
Great explanation! Direct and clear to the topic 💯
@sagarahire6531 2 жыл бұрын
Much needed video...was wondering about the security of kubernetes...You're being a Santa just keep fulfilling the wishes...Thanks for your time and effort
@TechWorldwithNana 2 жыл бұрын
My pleasure! I'm glad it was helpful 😊💙
@ViralFactorry 2 жыл бұрын
Well explained Nana... thanks for making such a amazing content 👍
@9sandy13 Жыл бұрын
Great fan of your work and your tech videos, your explanation is really very helpful to understand the concepts, keep up the good work.
@lovehumanrace 3 ай бұрын
Fantastic overview! Just what I was looking for. Thank you. 🙏
@tbugaevsky 2 жыл бұрын
Security is a very important thing to take care of, thank you.
@vikrama736 2 жыл бұрын
This is such a great stuff and important too! Thanks Nana! The best tutor!
@TechWorldwithNana 2 жыл бұрын
Happy to hear, thank you Vikram :)
@remyzandwijk 2 жыл бұрын
Excellent and very helpful video. Thanks Nana!
@YawadoudouAllahou Жыл бұрын
Nama you are pedagogical breaking down this security .Thanks
@walterpalladino1965 Жыл бұрын
First of all this was a great video on this series. I have a question related to the point 10. You marked this as result of a successful attack but, if you just restore the cluster, could get attacked the same way so, there are any tool that lets you identify how it happened to solve the related security flaws? Thank you in advance.
@thomash.8297 2 жыл бұрын
Thank you, waited for that 😮
@c1i2s3c4o5 2 жыл бұрын
Great video Mam !!!, a very core feature which is rarely being used in companies for implementing k8s security, kindly also cover Locking Down Kubelet as its a backdoor for api server & image signature as its must to make sure that image is a legitimate one, Thank You
@review.masahiro 5 ай бұрын
love your content and clear explanation. it is 10/10 from me. thank you nana
@pareshpatel493 Жыл бұрын
As usual, PERFECT. God Bless you.
@picapicatchof8309 3 ай бұрын
Hi, first of all I would like to thank you for your great effort to explain us the k8s cybersecurity issues and how to mitigate threats related to its deployment, just one the most important thing that also can improve the K8s security is the log management, it give you the possibility to control and monitor security issues in real time using for example syslog protocol to collect and treat them in a centralized areas. So, if you can focus on this issue in next time. Thanks.
@maheshirk Жыл бұрын
Truly awesome, Thank You Nana !
@ChanceMinus Жыл бұрын
Extremely helpful. Thank you.
@kamleshmak23 2 жыл бұрын
Thanks for always an easy to follow content and giving me more knowledge
@TechWorldwithNana 2 жыл бұрын
Thank you, really appreciate your support!
@felipeozoski 2 жыл бұрын
Great stuff as usual!!
@shubamthokare 6 ай бұрын
Thanks you. Is was very helpful for understanding the k8s security concept.
@CloudSecurityGuy 2 жыл бұрын
Awesome video !
@georgelobo4048 Жыл бұрын
Best explanation! Thanks, Nana!!
@LuHaTube 2 жыл бұрын
Thanks very much Nana for your great effort.
@md.ishtayaqueahmad3170 10 ай бұрын
Very well explained. Thank you very much for sharing such informative video.
@deepanchakrvarthyp7063 Жыл бұрын
Very clear explanation,thanks you so much
@manasanayini2655 2 ай бұрын
Big thanks for the best lecture!!
@kchaitanya39 10 ай бұрын
Thank you Nana for the awesome explanation
@arvindkumarreddydubbala5775 Жыл бұрын
you explanation is really understandable by every one. Simply superb work keep it up.
@TamLe-sh2ru 2 жыл бұрын
Thanks, great video!
@anas6435 Жыл бұрын
Nice Explanation.. Also one of the best practices to secure Etcd is to encrypt it..
@rakeshnalagandla7746 Жыл бұрын
Great video. Thank you so much. Can you suggest a enterprise grade tool that helps with most of these best practices rather than using different tools for each type
@kay2care 2 жыл бұрын
Thank you Nana!
@sujeetkumar. 2 жыл бұрын
Wonderful video 😍
@kameh4522 2 жыл бұрын
What a fabulous explanation, thank you kindly.
@TechWorldwithNana 2 жыл бұрын
Happy to hear! Appreciate your positive feedback! 💙
@nupeamanga9514 6 ай бұрын
Thanks a lot for this priceless narratives
@jamallmahmoudi9481 7 ай бұрын
Hi, It was great and useful, thank you🙏
@amsirajuddin Жыл бұрын
nice one! thank you Nana!
@ireenisabel988 2 жыл бұрын
Hi thanks for these videos. I have a request. If you find some time can you please make a video on how you learn a technology/concpet this thorough? For me, it takes couple of times reading and trying out before I understand the basics properly. If you have a shortcut, we would love to know.
@NicolasGryman 2 жыл бұрын
Thanks Nana, you rock!
@darshanmehta9374 Жыл бұрын
You have been great Nana - really appreciate you giving the right amount of details. I wanted to ask while I understand 3rd party product was mentioned for data recovery, I wanteed to ask if Volume Storage can help in protecting or recovering the application/config data in any which ways during a cyber event. If anyone can hep - wouldd be appreciated.
@simon-rey Жыл бұрын
Great video, very informative and smart ideas, thanks
@lichir 2 жыл бұрын
Great video! Greetings from Argentina!
@omdxp 2 жыл бұрын
Thank you so much for these valuable information
@TechWorldwithNana 2 жыл бұрын
My pleasure! Appreciate your comment!
@parris3142 Жыл бұрын
Great overview.. thanks
@rajeshdhapola07 Жыл бұрын
Great explanation...Thanks
@derekreed6798 Жыл бұрын
Many thanks, plenty of food for thought.
@alexserbul 10 ай бұрын
Thank you!
@maneeshs3876 2 жыл бұрын
Nice informative video !
@loading418 2 жыл бұрын
knowledge ++ many many ty
@stevenromero9962 2 жыл бұрын
Great explanation, this is top level content.
@TechWorldwithNana 2 жыл бұрын
Thanks Steven :)
@munnieswaroop Ай бұрын
Thank you
@yogidude1 2 жыл бұрын
Great video👌
@omarakki705 2 жыл бұрын
Thanks nana
@s.sandeep 2 жыл бұрын
Thanks!
@Fayaz-Rehman 2 жыл бұрын
Great - Thanks for sharing.
@TechWorldwithNana 2 жыл бұрын
My pleasure! :)
@satyamgpt31 Жыл бұрын
Really helpful
@mousumisaha4525 2 жыл бұрын
Thank you for this awasome video
@TechWorldwithNana 2 жыл бұрын
My pleasure! 💙
@MuhammedDahab 2 жыл бұрын
Great Stuff as usually
@TechWorldwithNana 2 жыл бұрын
Glad you enjoy it! Thanks 😊
@TheEbbemonster 2 жыл бұрын
Great video! It would be nice if you inform the viewer whenever, you jump to a sponsored or affiliated component, such that the viewed knows that your view on that component is biased like with Kasten K10.
@TechWorldwithNana 2 жыл бұрын
Thanks for your valuable feedback! Sure, will try to make it clearer in the videos, when talking about the sponsored tool.
@ishaquerazvi2670 Жыл бұрын
I really like the way you teach, I prefer your videos over udemy .....thanks a lot
@rampanwar1316 2 жыл бұрын
Bery good Video nana
@Harridu 2 жыл бұрын
Excellent
@TechWorldwithNana 2 жыл бұрын
Thank you!!
@MirajGodha Жыл бұрын
Awesome bro
@shalandichannel Жыл бұрын
thanks for the nice video! i habe got 2 doubts after watching the video: 1. in point 5 you mention that pods traffic is unencrypted by default. is this only true for communication inside the cluster, i.e. is the host to host communication for both control plane and pods elements encrypted from the outside? if this is not the case, is it necessary to setup a VPN mesh between the k8s nodes or would that be an unusual overhead in regular k8s deployments? 2. how about securing network access to cluster and its services on a TCP level? can port 6443 remain unprotected? should administrator always access the cluster protected services via port forwarding or is it best to publish ingresses on a protected subnet and then setup a VPN to push that subnet to authorized users? what are best/common cloud native practices here? is there any helm chart for that? thanks
@emmanuelgelatimesa2712 2 жыл бұрын
for scan image, you could use anchore
@yinyang2k 2 жыл бұрын
Thank you for the video! 🙏 I’m interested in using Hashicorp Vault. Could you maybe make a video about it to? :)
@TechWorldwithNana 2 жыл бұрын
Thank you for your suggestion. Yes, we are thinking about making video about Vault.
@sahanasadasivam7056 2 жыл бұрын
Hi Nana,discuss about what are the career paths in software field,it will be helpful,to set goal beside that
@TechWorldwithNana 2 жыл бұрын
Will consider. Thanks for suggestion!
@Tirax13 2 жыл бұрын
hey nana, i like your content, do you have an advice for including security testing in the pipeline, like vulnerability scanning and compliance checks? For example how do i include cis benchmarks and vuln scanning and define thresholds that prevent unsecure workloads from going to production?
@sgrhr024 2 жыл бұрын
Nice question
@stockmarket9449 4 ай бұрын
Image scanning happens in CI/CD and also Image registery regularly, we can consider to do such scanning at appropriate stage in deployment. Also we can consider to attach digital signature when run scanning is completed just before to start tranfer the image upon pull Image request from registery , and verify it at appropriate stage during deployment workflow. Please share your thoughts. Thank you!
@Harridu 2 жыл бұрын
One important point missing was a firewall between your cluster and the outside world.
@k.alipardhan6957 Ай бұрын
would have been helpful to mention more details on scanning... static, dymanic, SCA, and Docker Scout.
@blakegreendev 2 жыл бұрын
Just to help drive home the misconception of the security in cloud in general. Each cloud provider has a shared responsibility model. The cloud provider is responsible for the security OF the cloud and the customer is responsible for the security IN the cloud :)
@TechWorldwithNana 2 жыл бұрын
Thanks for sharing :)
@PrasannaVarshan 2 жыл бұрын
Does any one else feels like crying? I found peace finally!!!!
@tomasferrari92 Жыл бұрын
i love u nana
@DrorNir 2 жыл бұрын
I've just started a job as DevSecOps and I have zero experience. I'm buying the course as it comes out!
@TechWorldwithNana 2 жыл бұрын
Good to hear! I'm sure it can be pretty challenging.
@murali7403 2 жыл бұрын
Hi nana was attended 3 times interview within a span of 1 month in tcs but 3rd time i got selected and they released offer and joining date too while doing background check previous two attempts they will consider? Normally they will. Check the candidate before attending interview right wether candidate is attended or not like?
@cracksaadee Жыл бұрын
How to use regex in audit policy in k8s ?
@chasevonnable 2 жыл бұрын
💯💻
@Thomas-1023 3 ай бұрын
I'm enchanted by this content. I had the pleasure of reading something similar, and I was completely enchanted. "Mastering AWS: A Software Engineers Guide" by Nathan Vale
@nr9885 2 жыл бұрын
Just pointing out that at 19:30 you forgot a "=" at the end of your mongo-password secret. In fact, it should be "bW9uZ29wYXNzd29yZA==". Maybe I do have too much free time 😅?
@TechWorldwithNana 2 жыл бұрын
😀 great attention to detail! 👍
@MrDuoScythe 2 жыл бұрын
Get NeuVector...done :)
@borntoexcel14 Жыл бұрын
Kubernetes secrets are not stored in ETCD. Secrets in k8s are stored in a separate "Secrets API" object in encrypted format within k8s.
@R-Kannada-DevOps 9 ай бұрын
How to delete already pulled images from cluster to release space .
@vanzoelmaulana4324 7 ай бұрын
actually sa can be used for human also
@John-3692 3 ай бұрын
This is exceptional in every way. I read a book with similar content, and it was exceptional in every way. "Mastering AWS: A Software Engineers Guide" by Nathan Vale
@JamesMcCabe703 7 ай бұрын
Encryption: AWS engineers when using their KMS have a copy of the private key. So they become the insider threat. See arrest of Paige Thompson, AWS engineer who release Captial One customer data. Use you're own key management system.
@uziboozy4540 2 жыл бұрын
After reading the NSA/CISA Kubernetes Hardening Guide, it's a no thank you. Managed Kubernetes platforms ftw. Especially D2IQ
@anousavelavet8425 Жыл бұрын
Anousa, Velavet
@bulldozerbaba3830 Жыл бұрын
There is no proper video on Hashicorp Vault to integrate it and use it with Terraform or K8s. Can you please make a video on it? 🙄
TechWorld with Nana
Рет қаралды 463 М.
Go Gizmo!
Рет қаралды 15 МЛН
CNCF [Cloud Native Computing Foundation]
Рет қаралды 49 М.
TechWorld with Nana
Рет қаралды 517 М.
Cloud With Raj
Рет қаралды 42 М.