Ideal for teams that…
Cloud, automation and CI/CD in practice — hands-on for engineering teams.
During the CKS training, participants will gain knowledge and skills related to ensuring security in Kubernetes clusters, including access control configuration, monitoring, certificate management, auditing and risk assessment, as well as troubleshooting security-related issues in containerized environments.
What we actually do
- Applying network security policies to restrict cluster-level access
- Using CIS benchmarks to review Kubernetes component security (etcd, kubelet, kube-dns, kube-apiserver)
- Proper configuration of Ingress objects with security controls
- Protecting node metadata and endpoints
- Minimizing GUI use and access
- Verifying Kubernetes binaries before deployment
- Restricting access to the Kubernetes API
- Using Role-Based Access Control (RBAC) to minimize exposure
- Avoiding excessive use of ServiceAccounts (disabling defaults, minimizing permissions for new accounts)
- Regular Kubernetes upgrades
- Minimizing the host OS footprint (reducing attack surface)
- Reducing IAM roles
- Minimizing external network exposure
- Using kernel hardening tools such as AppArmor and seccomp
- Setting appropriate OS-level security domains
- Managing Kubernetes Secrets
- Using container runtime sandboxes in multi-tenant environments (e.g., gVisor, Kata Containers)
- Enabling pod-to-pod encryption with mTLS
- Minimizing base image size
- Securing the supply chain: approved registries, image signing and validation
- Performing static analysis of user resources (e.g., Kubernetes manifests, Dockerfiles)
- Scanning images for known vulnerabilities
- Analyzing syscalls, processes, and file activity at the host and container level to detect malicious behavior
- Detecting threats across physical infrastructure, applications, networks, data, users, and workloads
- Identifying all phases of an attack, regardless of origin or spread
- Performing deep forensic investigations and identifying attackers in the environment
- Ensuring container immutability in real time
- Using audit logs to monitor access
From brief to retro in 30 days.
Brief & diagnosis
A call with the team lead + a short survey for participants. We define goals, gap and context.
Program customization
We adapt modules, case studies and code examples to your stack. Approval in 5 days.
Workshop
Trainer-led sessions, hands-on, code review. Mentor available between sessions too.
Retro + report
Outcome report for the team and lead. 30 days of consulting included.
Send a brief. We'll reply within 1 day.
After a short brief we'll prepare a program and a quote. No obligations — it's just a starting point.