Description
Introduction
Security is a core pillar of running production-grade Kubernetes and OpenShift environments. This course focuses on securing your OpenShift cluster through comprehensive access control mechanisms and policy management. You’ll learn to implement Role-Based Access Control (RBAC), integrate identity providers, manage secure API access, and enforce security policies across your container workloads. Ideal for cluster administrators, DevOps engineers, and security professionals, this training delivers the expertise to protect applications and infrastructure in multi-user environments.
Prerequisites
- Basic knowledge of OpenShift or Kubernetes administration
- Familiarity with Linux command-line tools
- Understanding of containers and YAML-based configuration
- Awareness of authentication and identity management concepts
- Access to an OpenShift environment with admin privileges
Table of Contents
1. Introduction to OpenShift Security Architecture
    1.1 Control Plane and Data Plane Security
    1.2 Multi-Tenant Security Concepts
    1.3 API Server Security and Resource Isolation
2. Role-Based Access Control (RBAC)
    2.1 Understanding Roles, RoleBindings, and ClusterRoles
    2.2 Creating and Assigning Custom Roles
    2.3 Auditing RBAC Permissions
3. Authentication Strategies
    3.1 Integrating Identity Providers (LDAP, GitHub, SAML, etc.)
    3.2 Configuring OAuth and Token Lifetimes
    3.3 Managing User and Group Access
4. API and CLI Access Control
    4.1 Securing Access to the OpenShift API
    4.2 Enforcing Secure CLI Usage
    4.3 Managing ServiceAccounts for Automation
5. Network Policy and Isolation
    5.1 Creating NetworkPolicies for Pod Communication
    5.2 Limiting Cross-Namespace Traffic
    5.3 Applying Security at the Network Layer
6. Security Contexts and Pod Policies
    6.1 PodSecurityAdmission and PodSecurityContext
    6.2 SecComp, Capabilities, and Read-Only File Systems
    6.3 Running Non-Root Containers
7. OpenShift Security Context Constraints (SCCs)
    7.1 SCC Overview and Default Constraints
    7.2 Creating Custom SCCs
    7.3 Assigning SCCs to ServiceAccounts
8. Image Security and Validation
    8.1 Enforcing Signed Images and Trusted Registries
    8.2 Using ImageStreams and Quarantine Workflows
    8.3 Integrating with Image Scanning Tools
9. Secrets and ConfigMaps Management
    9.1 Storing and Mounting Secrets Securely
    9.2 Limiting Secret Exposure with RBAC
    9.3 Encryption at Rest for Sensitive Data
10. Audit Logging and Compliance
    10.1 Enabling and Analyzing Audit Logs
    10.2 Compliance Benchmarks (e.g., CIS, NIST)
    10.3 Logging and Monitoring Tools for Security Events
11. Advanced Security Integrations
    11.1 Integrating with SIEM Tools
    11.2 Using Service Mesh for Zero-Trust Security
    11.3 Security Automation with GitOps
12. Best Practices and Hardening Tips
    12.1 Least Privilege Principle
    12.2 Policy-Driven Access Control
    12.3 Regular Reviews and Secret Rotation
Securing an OpenShift cluster goes beyond firewall rules—it involves granular access controls, secure workload configurations, and continuous auditing. This course has provided the essential practices to manage access, enforce policies, and integrate with enterprise identity and security platforms. With these capabilities, you’ll ensure your OpenShift environment remains secure, compliant, and resilient against threats.