CKS Core Knowledge Points: An Overview
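Introduction
I previously shared a large amount of material on CKA & CKS exam topics in this column, but it was taken down after being reported. Since many readers and group members still want to learn more about the core CKS knowledge areas, I have organized my earlier notes here in the hope that they will be of some help.
If you would like to learn more, you can join the K8S & Cloud Native QQ group (284134230) to study and improve together with everyone…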
Knowledge points
- ServiceAccount
  - docs/tasks/configure-pod-container/configure-service-account/
- kube-bench troubleshooting
  - github.com/aquasecurity/kube-bench
  - Kubernetes Documentation/Reference/Component tools/kube-apiserver
  - Kubernetes Documentation/Reference/Component tools/kubelet
  - Kubernetes Documentation/Tasks/Administer a Cluster/Operating etcd clusters for Kubernetes
- Default NetworkPolicy
  - Kubernetes Documentation/Concepts/Services, Load Balancing, and Networking/Network Policies
- Pod security policy (PodSecurityPolicy)
  - Configure a Security Context for a Pod or Container
  - Kubernetes Documentation/Concepts/Policies/Pod Security Policies
- Role & RoleBinding
  - Kubernetes Documentation/Reference/API Access Control/Using RBAC Authorization
- Audit logging (audit-log)
  - Kubernetes Documentation/Tasks/Monitoring, Logging, and Debugging/Auditing
- Secret
  - Kubernetes Documentation/Concepts/Configuration/Secrets
- Optimizing the Dockerfile and deployment.yaml
  - Best practices for writing Dockerfiles
  - Kubernetes Documentation/Concepts/Security
  - Kubernetes Documentation/Tasks/Configure Pods and Containers/Configure a Security Context for a Pod or Container
  - Dockerfile Security Best Practice
  - Docker Container Security 101: Risks and 33 Best Practices
- RuntimeClass & gVisor
  - github.com/google/gvisor
  - Kubernetes Documentation/Concepts/Containers/Runtime Class
- Pod security: stateless & immutable
  - Kubernetes Documentation/Tasks/Configure Pods and Containers/Configure a Security Context for a Pod or Container
  - Kubernetes Documentation/Concepts/Security/Pod Security Standards
- Modifying API server parameters
  - Kubernetes Documentation/Reference/Component tools/kube-apiserver
  - k8s Security 04: kube-apiserver security configuration
- ImagePolicyWebhook
  - Kubernetes Documentation/Reference/API Access Control/Using Admission Controllers
- Scanning images with Trivy
  - github.com/aquasecurity/trivy
  - trivy/v0.21.2/getting-started/quickstart/
- AppArmor
  - Kubernetes Documentation/Tutorials/Clusters/Restrict a Container's Access to Resources with AppArmor
- sysdig & falco
  - docs.sysdig.com
  - Kubernetes blogs/Monitoring Kubernetes with Sysdig
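Notes
- This article only points to the official documentation for the core knowledge points and does not provide any actual exam question information. For the latest exam topics, refer to the PDF in github.com/cncf/curriculum.
- Please do not discuss actual exam questions in the comments section of this article. Thank you for your cooperation!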