01. Understanding the Kubernetes Attack Surface

• The Kubernetes Attack Surface
• The 4C’s of Cloud Native Security: Cloud, Cluster, Container, and Code

02. Cluster Setup and Hardening

• What are CIS Benchmarks and Kube-bench
• Kubernetes Security Primitives and Authentication
• Service Accounts and TLS in Kubernetes (Certificates API)
• KubeConfig and API Groups
• Authorization: RBAC, Cluster Roles, and Role Bindings
• Kubelet Security and Kubectl Proxy/Port Forward
• Securing the Kubernetes Dashboard
• Verify platform binaries and Cluster Upgrade Process
• Network Policies: Development and Implementation
• Ingress Security, Annotations, and Docker Daemon Hardening

03. System Hardening

• Least Privilege Principle and Node Access Limitation
• SSH Hardening and Privilege Escalation in Linux
• Removing Obsolete Packages and Restricting Kernel Modules
• Identifying and Disabling Open Ports
• Minimize IAM roles and external network access
• UFW Firewall Basics and Linux Syscalls
• Restricting Syscalls using Seccomp and AppArmor Profiles
• Implementing Seccomp and AppArmor in Kubernetes
• Understanding Linux Capabilities

04. Minimize Microservice Vulnerabilities

• Security Contexts and Admission Controllers
• Validating and Mutating Admission Controllers
• Pod Security Policies and Open Policy Agent (OPA)
• Managing Kubernetes Secrets
• Container Sandboxing: gVisor and Kata Containers
• Runtime Classes and Pod-to-Pod encryption (mTLS)

05. Supply Chain Security

• Minimize base image footprint (Distroless/Alpine)
• Image Security and Whitelisting Registries (Image Policy Webhook)
• Static analysis of user workloads and Vulnerability Scanning

06. Monitoring, Logging, and Runtime Security

• Behavioral analytics of syscall processes
• Falco: Overview, Installation, and Threat Detection
• Mutable vs. Immutable Infrastructure
• Ensuring Immutability of Containers at Runtime
• Using Audit Logs to monitor access