Introduction

Cloud Native Security Workshop

Lectures

Lecture: Overview of Kubernetes Networking

An overview of Kubernetes Networking: Service Types, Ingress and Route, and Network Policies

Lecture: Overview of Kubernetes Extensions

An overview of Kubernetes Extensions: Custom Resources, Controllers, Operator Pattern, Cloud Paks

Lecture: Introduction to API Connect

An Overview of API Connect

Hands-on Labs

Current

| Duration | Title | Description | Comments |
| --- | --- | --- | --- |
| 60 mins | Lab: Kubernetes Networking 101 | How to control access using Service Types, Ingress and Network Policies | - |
| 60-75 mins | Lab: Kubernetes Storage 201 | Adding Secure Encrypted Cloud Object Storage (COS) with S3FS-Fuse and Dynamic Provisioning | - |
| 60-90 mins | Lab: S2I | Using Source-to-Image (S2I) Build Strategy with Universal Base Image (UBI), Custom Builder and Runtime Images, Templates, BuildConfig and DeploymentConfig | - |
| 45 mins | Lab: Operators 101 | Creating Operators with Existing Helm Charts using the Operator Framework | - |
| 45 mins | Lab: STIX-Shifter version2 101 | Create a stix-shifter connector to iThemes Security for WordPress | - |
| 45 mins | Lab: Container Security 301 | Set up runtime container security monitoring with Falco and Kubernetes | - |
| 30 mins | Lab: API Security 101 | Create and publish a managed API endpoint for an existing REST service, using API Connect | - |

Developer Starter Kits

  • Get Started with Security for your Java Microservice:
    • Exercise 1.2: Expose Istio Ingress Gateway
    • Exercise 1.3: Expose the gateway via DNS with TLS enabled
    • Exercise 1.4: Setup Keycloak
    • Exercise 2.2: Secure microservices with strict mTLS
    • Exercise 3.2: Authentication in Vue.js with frontend application
    • Exercise 3.3: Authorization in Quarkus application

Upcoming

| Duration | Title | Description | Comments |
| --- | --- | --- | --- |
| - | Lab: Istio Security 201 | Add mutual TLS Authentication and Encryption of Data-in-Motion with Istio | Under Review |
| - | Lab: QRadar Apps 101 | Create a QRadar App for iThemes Security for WordPress | Under Review |
| - | Lab: QRadar Modules 101 | Create a QRadar DSM (Device Support Module) for iThemes Security for WordPress | Under Review |
| - | Lab: API Security 201 | Securing your API with API Connect, DataPower Gateway and App ID | Under Review |
| - | Lab: Kubernetes Policy 201 | Integrate Open Policy Agent (OPA) on Kubernetes to Secure a Node.js Loopback v4 API | Coming soon |

1-Day Agenda

| Duration | Title | Description | Comments |
| --- | --- | --- | --- |
| 60 mins | Lecture: Overview of Kubernetes Networking | An overview of Kubernetes Networking: Service Types, Ingress and Route, and Network Policies | - |
| 45 mins | Lab: Operators 101 | Creating Operators with Existing Helm Charts using the Operator Framework | - |
| 60-75 mins | Lab: Kubernetes Storage 201 | Adding Secure Encrypted Cloud Object Storage (COS) with S3FS-Fuse and Dynamic Provisioning | - |
| 60-90 mins | Lab: S2I | Using Source-to-Image (S2I) Build Strategy with Universal Base Image (UBI), Custom Builder and Runtime Images, Templates, BuildConfig and DeploymentConfig | - |

On-Demand Replays

Lectures

DDC: Cloud Native Security

Application Security

Data Security

DevSecOps

| Duration | Title | Speaker |
| --- | --- | --- |
| 20 mins | Keynote - DevSecOps for Cloud Native development on IBM Z | Rosalind Radcliffe |
| 30 mins | How to secure a Tekton-based Build of Container Images on Kubernetes | Enrique Encalada, Jordan Zhang |
| 30 mins | Falco with Kubernetes on IBM Cloud | Kris Nova |
| 30 mins | Automating Cloud Security & Compliance | Jan Cerny, Simon Lukasik |
| 30 mins | From Hardware Root of Trust (RoT) to Containers: Running Trusted Containers on a High Assurance OpenShift Platform | Brandon Lum, Harmeet Singh |

Labs

Compatibility

This workshop has been tested on the following platforms:

  • OpenShift: version 4.3

Credits