Analyzing Kubernetes YAML Files for Security Best Practices

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

YAML files are often used to define Kubernetes objects. As such, a risky or insecure configuration can often be traced back to one of these files. This lab will allow you to try your hand at spotting some of these bad practices by examining some Kubernetes YAML.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Check the securi-api-deployment.yml File

You can find the file at /home/cloud_user/securi-api-deployment.yml.

Edit the file to remove any major security issues or bad security practices.

Check the datamonitor-pod.yml File

You can find the file at /home/cloud_user/datamonitor-pod.yml.

Edit the file to remove any major security issues or bad security practices.

Check the securi-users-deployment.yml File

You can find the file at /home/cloud_user/securi-users-deployment.yml.

Edit the file to remove any major security issues or bad security practices.

Additional Resources

Your company, SecuriCorp, is using Kubernetes to run a variety of applications. Your developers are developing some applications and have created some Kubernetes manifest YAML files that they plan to deploy to the cluster.

You have been asked to look over these YAML files to determine if there are any security issues or bad practices and fix them. Each YAML file has at least one security issue. Edit the YAML to correct the issue(s).

Note: Since this is an initial release, the latest version for all images is currently 0.0.1.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?