Securing Container Workloads in GCP Hackathon (SECTY-HACK-G)

 

Course Overview

The One Day Hack for Security prepares IT professionals of all flavours for identifying and resolving security issues in cloud-native development and deployment processes. This hack gives attendees the hands-on experience of working with security on Kubernetes powered by Google Kubernetes Engine (GKE) and Google Cloud Platform (GCP) in general.

The concept of this Security-focused One-Day Hack is based on attendees working in teams while completing a set of gated challenges that will boost their knowledge in the area of security that is needed now more than ever since security is a crucial topic in today’s modern, containers-based cloud-native world. They will do that by leveraging GCP’s Cloud IAM and RBAC, Google Secret Manager, integration of a CSI driver with Google Kubernetes Engine, and advanced features of GCP’s VPC networking.

Outline: Securing Container Workloads in GCP Hackathon (SECTY-HACK-G)

The challenges are connected – building on the previous one. The attendees will be faced with three challenges. They will be given a Google Kubernetes cluster running a demo application consisting of several microservices developed using node.js. The challenges are briefly described below. Challenge 1: Who is who in the zoo? Introduction to user authentication and authorization while using Cloud IAM and Google Kubernetes Engine will start with the team looking to improve their solution's security. They will have access to Google Kubernetes Engine running a demo application. The team will have to define and manage users’ level of access to GKE resources, keeping the whole system secured while still enabling every engineer to do what they need to do.

Challenge 2: Hush, hush The team will be introduced to the concept of using secrets in the Kubernetes cluster. They will need a manager for handling their secrets and for that they will use Google Secret Manager. Once they create Google Secret Manager and their secrets, they should edit their deployment templates to consume their newly created secrets and implement a CSI driver in their cluster.

Challenge 3: It’s time to create some order here After the team has implemented a user authentication and authorization strategy and stored the secrets in a secure place, the application in the GKE cluster is much more secure. However, that is nearly not enough to call their system secure. The team should also consider communication protocols between microservices (containers) internally and externally. To achieve that, they will have to add a set of rules for the cluster to abide by.

Prices & Delivery methods

Online Training

Duration
1 day

Price
  • on request
Classroom Training

Duration
1 day

Price
  • on request

Schedule

Currently there are no training dates scheduled for this course.