Overview of CKS Core Knowledge Points

Introduction

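I previously shared a large amount of content on CKA & CKS exam topics in this column, but for certain reasons it was reported and taken down. Since many readers and group members want to learn more about the core CKS knowledge, I have organized my earlier notes here and hope they are of some help.
If you would like to learn more, you can join the K8S & cloud native discussion QQ group (284134230) to study and improve together with everyone…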

Knowledge Points

  1. ServiceAccount
    docs/tasks/configure-pod-container/configure-service-account/
  2. kube-bench troubleshooting
    github.com/aquasecurity/kube-bench
    Kubernetes Documentation/Reference/Component tools/kube-apiserver
    Kubernetes Documentation/Reference/Component tools/kubelet
    Kubernetes Documentation/Tasks/Administer a Cluster/Operating etcd clusters for Kubernetes
  3. Default NetworkPolicy
    Kubernetes Documentation/Concepts/Services, Load Balancing, and Networking/Network Policies
  4. Pod security policy: PodSecurityPolicy
    Configure a Security Context for a Pod or Container
    Kubernetes Documentation/Concepts/Policies/Pod Security Policies
  5. Role & RoleBinding
    Kubernetes Documentation/Reference/API Access Control/Using RBAC Authorization
  6. Audit logging (audit-log)
    Kubernetes Documentation/Tasks/Monitoring, Logging, and Debugging/Auditing
  7. Secret
    Kubernetes Documentation/Concepts/Configuration/Secrets
  8. Optimizing the Dockerfile and deployment.yaml
    Best practices for writing Dockerfiles
    Kubernetes Documentation/Concepts/Security
    Kubernetes Documentation/Tasks/Configure Pods and Containers/Configure a Security Context for a Pod or Container
    Dockerfile Security Best Practice
    Docker Container Security 101: Risks and 33 Best Practices
  9. RuntimeClass & gVisor
    github.com/google/gvisor
    Kubernetes Documentation/Concepts/Containers/Runtime Class
  10. Pod security: stateless & immutable
    Kubernetes Documentation/Tasks/Configure Pods and Containers/Configure a Security Context for a Pod or Container
    Kubernetes Documentation/Concepts/Security/Pod Security Standards
  11. Modifying API server parameters
    Kubernetes Documentation/Reference/Component tools/kube-apiserver
    k8s Security 04: kube-apiserver security configuration
  12. ImagePolicyWebhook
    Kubernetes Documentation/Reference/API Access Control/Using Admission Controllers
  13. Scanning images with Trivy
    github.com/aquasecurity/trivy
    trivy/v0.21.2/getting-started/quickstart/
  14. AppArmor
    Kubernetes Documentation/Tutorials/Clusters/Restrict a Container's Access to Resources with AppArmor
  15. sysdig & falco
    docs.sysdig.com
    Kubernetes blogs/Monitoring Kubernetes with Sysdig

Notes

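  1. This article only provides pointers to the official documentation for the core knowledge points and does not provide any real exam question information. For the latest exam topics, refer to the PDF in github.com/cncf/curriculum.
  2. Please do not discuss real exam questions in the comments on this article. Thank you for your cooperation!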