📄️ Security Primitives
Security primitives in Kubernetes: access control to kube-apiserver, authentication methods with certificates and tokens, RBAC and ABAC authorization, TLS encryption between cluster components, and network policies for isolation.
📄️ Authentication
Kubernetes authentication: user types (humans and ServiceAccounts), authentication methods with static files, JWT tokens, X.509 certificates, and integration with external providers like LDAP and Kerberos.
📄️ TLS Fundamentals
TLS and digital certificate fundamentals: symmetric and asymmetric encryption, public and private keys, certificate authorities (CA), Certificate Signing Requests (CSR), and public key infrastructure (PKI).
📄️ Kubernetes TLS
TLS in Kubernetes: secure communication between cluster components, certificate generation and management for kube-apiserver, etcd, kubelet and other critical components, PKI configuration and troubleshooting.
📄️ API Certificates
Kubernetes API certificates: how to generate, sign and manage user certificates using Certificate Signing Requests (CSR), the Kubernetes API and the controller-manager for authentication and authorization.
📄️ API Groups
Kubernetes API groups: structuring resources in core groups and named groups, verbs, namespace and cluster scopes, exploration via kubectl proxy.
📄️ Kubeconfig
Kubeconfig configuration: structuring clusters, users, and contexts, certificate management, kubectl authentication, and switching between multiple Kubernetes environments.
📄️ Kubectx and Kubens
Kubectx and kubens tools for easy context and namespace switching in Kubernetes, installation guide and practical usage for multi-cluster environments.
📄️ Authorization
Kubernetes authorization mechanisms: RBAC, ABAC, Node and Webhook authorization, roles and rolebindings, clusterroles and clusterrolebindings for controlling permissions and access.
📄️ Service Accounts
Kubernetes service accounts: application accounts, JWT tokens, automount configuration, secrets management, roles and rolebindings for controlling service permissions.
📄️ Image Security
Kubernetes image security: authentication with private registries, dockerconfigjson secrets, imagePullSecrets for controlling access to container images.
📄️ Security Context
Security context in Kubernetes: controlling users, privileges, capabilities, and process isolation between containers and host systems.
📄️ Network Policies
Network policies in Kubernetes: traffic control between pods, ingress and egress rules, selectors, and CNI for network security.