Many topics in the CKS course have interactive in-browser Killercoda scenarios at the end. Solve these to test and harden your knowledge!
| Topic | Scenarios |
|---|---|
| Foundation - Containers under the hood | container-namespaces-docker container-namespaces-podman |
| Cluster Setup - Network Policies | networkpolicy-create-default-deny networkpolicy-namespace-communication |
| Cluster Setup - Secure Ingress | ingress-create ingress-secure |
| Cluster Setup - Node Metadata Protection | networkpolicy-metadata-protection |
| Cluster Setup - CIS Benchmarks | cis-benchmarks-kube-bench-fix-controlplane |
| Cluster Setup - Verify Platform Binaries | verify-platform-binaries-kubelet |
| Cluster Hardening - RBAC | rbac-serviceaccount-permissions rbac-user-permissions certificate-signing-requests-sign-manually certificate-signing-requests-sign-k8s |
| Cluster Hardening - Exercise caution in using ServiceAccounts | serviceaccount-token-mounting |
| Cluster Hardening - Restrict API Access | apiserver-crash apiserver-misconfigured apiserver-node-restriction |
| Microservice Vulnerabilities - Manage Kubernetes Secrets | secret-pod-access secret-read-secrets secret-serviceaccount-pod secret-etcd-encryption |
| Microservice Vulnerabilities - Container Runtime Sandboxes | sandbox-gvisor |
| Microservice Vulnerabilities - OS Level Security Domains | privileged-containers privilege-escalation-containers |
| Supply Chain Security - Image Footprint | container-image-footprint-user container-hardening |
| Supply Chain Security - Static Analysis | static-manual-analysis-k8s static-manual-analysis-docker |
| Supply Chain Security - Image Vulnerability Scanning | image-vulnerability-scanning-trivy |
| Supply Chain Security - Secure Supply Chain | image-policy-webhook-setup image-use-digest |
| Runtime Security - Behavioral Analytics at host and container level | syscall-activity-strace falco-change-rule |
| Runtime Security - Immutability of containers at runtime | immutability-readonly-fs |
| Runtime Security - Auditing | auditing-enable-audit-logs |
| System Hardening - Kernel Hardening Tools | apparmor |
| System Hardening - Reduce Attack Surface | system-hardening-close-open-ports system-hardening-manage-packages |