Would like to add few security aspects which I have been using so hope others can also take them into consideration: 1. Applying k8s policies using KYVERNO to restrict security policies in k8s resources. 2. Using Manifest/Helm scanners tools like CHECKOV or DATREE to avoid any misconfigurations or vulnerabilities in them. 3. Using cluster scanners or RBAC Visulizers like KUBESCAPE. 4. Using Docker image signing and attestation tool like COSIGN. 5. Following CIS benchmarks for K8s or Cloud on which k8s hosted. 6. Securing Ingress using TLS. 7. Secrets Encryption using sealed secrets or external secret operator. 8. Using Distroless images for building containers.
Abhishek, you're great!!! I have taken full DevOps classes but never understood a lot until I started following you! I came into Devops with a little IT background as a data analyst. Thank a lot!!! Can you do a short video to explain various web applications( Nginx, apache tomcat, etc) and how often DevOps Engineer encounter them..and other applications that DevOps Engineers most often deploy. Please 🙏...
Hello Abhishek. Thank you so much….really hat’s off you for such an amazing content with easily understandable language & your dedication🤩🤩🤩 If possible please make more such videos on Security / DevSecOps related topics. Thanks a lot 🤩🤩🤩
Abhisek your content is great and the way you teach is really superb. only one correction, I guess the image scan command is docker snyk not docker synk if I am correct. please correct me if I am wrong
@Abhishek, thanks for this detailed lecture. I need clarification on securing the API-SERVER. If we are using Amazon EKS, I thought since Amazon handles the control plane where the API-SERVER is located, it handles the security of every component involved. With this video, I am assuming we still need to take an extra step to secure it
Great video! Please I have a quick question: Why do DevOps engineers need to secure etcd and the API server when using EKS, AKS, or GKE? Isn't that the responsibility of the cloud provider?
Hi Abhishek i have been following all your videos from long time and they are very helpful, ,,,, but after watching this "secure k8 videos like a pro" which video i have to watch next since i am bit confused pls help me and suggest because in this video you have exlained securing k8 with 7 points and from the begining i would like to see the practical for all thse points which you have explained , please tell me where you have done the Practical video for these points mentioned in the video so that i can go through them .
Nice Video...Can you Please explain the link between Google optimize and A/B testing with Kubernetes cluster and One more Keycloak.link.woth oidc..What's the link between these two..I m getting confused..
very nice explanation abhi sir but i have a doubt here you have mentioned docker scan in github repo but in video you said docker sync . Is it docker scan or docker sync??????
Hi Abhishek, thank you so much for content, i am more focussed towards devsecops, should i finish your zero to hero kubernetes coarse before i start this video?
Hi Abhishek, is it possible to make hands on in this video? Bcz usually in EKS we won’t be maintaining control plane right so how to implement security for eks clusters?
Hey Abhishek.. Can you give us a trick or any plan that we can remember all these aws service, kubernetes topic so that it will be easy for the interview,, because there are so many topic on devops and not every one have sharp minded.. so hope you understand and give us a solution for this.. Thank you❤
Hi sir. First of all thank you for the quality of your contents. I have an issue when implementing the cicd with Argo. I import the repo and when it comes to the Jenkins file I am lost. Wondering if you can go over how you configure it ?
@@AbhishekVeeramalla I was doing it with the video but I didn’t see the part where you went through the Jenkins file configuration. I tried to figure out but with no success. I will try again today.
@@AbhishekVeeramalla 6th point of this video you told Sysdig works like a deamon set if some hacker is attacking in that way can't be done by prometheus and grafana ?
This video is not part of devops zero to hero. Please check again. This is only part of kubernetes playlist and if u want to learn kubernetes advanced u need to Learn this
Thanks!
Thanks for supporting the channel 😍
East are West abhishek anna is best 😊
Haha
So true anna
Would like to add few security aspects which I have been using so hope others can also take them into consideration:
1. Applying k8s policies using KYVERNO to restrict security policies in k8s resources.
2. Using Manifest/Helm scanners tools like CHECKOV or DATREE to avoid any misconfigurations or vulnerabilities in them.
3. Using cluster scanners or RBAC Visulizers like KUBESCAPE.
4. Using Docker image signing and attestation tool like COSIGN.
5. Following CIS benchmarks for K8s or Cloud on which k8s hosted.
6. Securing Ingress using TLS.
7. Secrets Encryption using sealed secrets or external secret operator.
8. Using Distroless images for building containers.
1st point is covered in latest video
Will do others soon. Thanks for sharing Gourav
You are one of the best. Thank you sir. wonderful video.
you have so muck knowlegde and patience to explain all concept so nicely
Abhishek, you're great!!! I have taken full DevOps classes but never understood a lot until I started following you! I came into Devops with a little IT background as a data analyst.
Thank a lot!!!
Can you do a short video to explain various web applications( Nginx, apache tomcat, etc) and how often DevOps Engineer encounter them..and other applications that DevOps Engineers most often deploy. Please 🙏...
Thanks and noted
thank you anna my day finishes with your videos......
😍
Great efforts abhishek👏👏
Each & every video of u making the devops/Kubernetes learning journey simple & interesting.
Thanks once again.
😍
Papa you are giving such gifts that i can't even explain.. Thank you ❤
😍
Please make and upload videos with practical examples on these topics what you have mentioned in this video. It will be very helpful for us.
@Abhishek, Thanks a lot for your video on most awaited topic
Welcome
Good content for free is dream in this selfish world. But some worriers like Abhishek prove it wrong...
Thanks a lot
Its very quality & valuable content brother😊
😍
beautiful explanation sir....... thank you so much....👌👌👌👌👌
❤️
Hello Abhishek. Thank you so much….really hat’s off you for such an amazing content with easily understandable language & your dedication🤩🤩🤩
If possible please make more such videos on Security / DevSecOps related topics.
Thanks a lot 🤩🤩🤩
😍
Abhisek your content is great and the way you teach is really superb. only one correction, I guess the image scan command is docker snyk not docker synk if I am correct. please correct me if I am wrong
U r correct .. sorry for the typo and mispronunciation
The best one best this space thanks a million sir ❤
Hi,,, Please make the demo part on Rbac , Network policy and rest of the topics ...it will be very helpful 🙏🙏
Sure
@Abhishek, thanks for this detailed lecture. I need clarification on securing the API-SERVER. If we are using Amazon EKS, I thought since Amazon handles the control plane where the API-SERVER is located, it handles the security of every component involved. With this video, I am assuming we still need to take an extra step to secure it
Will cover that
Yeah Abhishek bro is the best ❤❤
😍
Great video! Please I have a quick question: Why do DevOps engineers need to secure etcd and the API server when using EKS, AKS, or GKE? Isn't that the responsibility of the cloud provider?
Hi Abhishek i have been following all your videos from long time and they are very helpful, ,,,, but after watching this "secure k8 videos like a pro" which video i have to watch next since i am bit confused pls help me and suggest because in this video you have exlained securing k8 with 7 points and from the begining i would like to see the practical for all thse points which you have explained , please tell me where you have done the Practical video for these points mentioned in the video so that i can go through them .
Nice Video...Can you Please explain the link between Google optimize and A/B testing with Kubernetes cluster and One more Keycloak.link.woth oidc..What's the link between these two..I m getting confused..
Ok noted
Thanks for your reply@@AbhishekVeeramalla ... Eagerly Waiting for your Video...😍😍
very nice explanation abhi sir but i have a doubt here you have mentioned docker scan in github repo but in video you said docker sync .
Is it docker scan or docker sync??????
synk is a tool that performs scanning on docker images. docker scan internally uses synk.
Hi Abhishek, thank you so much for content, i am more focussed towards devsecops, should i finish your zero to hero kubernetes coarse before i start this video?
If u don’t have understanding of k8s yes
Hai Abhishek. Verramalla can we expect this in the practical video it might be helpful for a better understanding
It will be too lengthy .. I will think of something
Fantastic session bro.
Hi Abhishek thanks for the video...one doubt the command is snyk or synk?
snyk , sorry for the typo
@@AbhishekVeeramalla thanks Abhishek. Just wanted to clarify 😊
Thnx anna
If possible please do a video on how to make ATS resume for freshers on AWS with DevOps please anna
Noted
Hi Abhishek, is it possible to make hands on in this video? Bcz usually in EKS we won’t be maintaining control plane right so how to implement security for eks clusters?
Thank you for all the contents
Welcome
Hey Abhishek.. Can you give us a trick or any plan that we can remember all these aws service, kubernetes topic so that it will be easy for the interview,, because there are so many topic on devops and not every one have sharp minded.. so hope you understand and give us a solution for this.. Thank you❤
Informative..!!👍
😍
Hi abhishek, i love your content.. Can you please make a series on azure devops ??? Please.... Please...
Noted
@@AbhishekVeeramalla thank you abhishek ♥️♥️
Hi sir. First of all thank you for the quality of your contents. I have an issue when implementing the cicd with Argo. I import the repo and when it comes to the Jenkins file I am lost. Wondering if you can go over how you configure it ?
Please watch the ultimate cicd pipeline viceo
@@AbhishekVeeramalla I was doing it with the video but I didn’t see the part where you went through the Jenkins file configuration. I tried to figure out but with no success. I will try again today.
Which part you faced issue..
I would like to inquire if Vault can be used for encryption of the ETCD
I haven’t explored that much .. sorry
31:00, is it Docker scout or Synk. I mean sync is another project and I can see the Docker Scout!
Snyk
Abhishek bhai❤
Welcome
This is an excellent Video with a bundles of Knowledge....Thanks for this awesome Video ❤
😍
snyk and sysdig are the tool to scan images
If I am using AKS, then is the API server is already secured since master node is managed by Azure or it is not required?
Ingress graphana prompetus those all use in Aks na not in use those all in eks.
They are used in aws as well
Thank you
Welcome
Thanks
Thanks for contributing to the channel
Great videos Abhishek!
Can you plz make videos on how to handle volume in kubernetes?
Noted
Pod container security kuda adutunaaru anna
Adi kuda cheddam aithe emundi
Cluster monitoring can't be done by Prometheus or grafana ?
For example ?
@@AbhishekVeeramalla 6th point of this video you told Sysdig works like a deamon set if some hacker is attacking in that way can't be done by prometheus and grafana ?
Thanks
Welcome
Sir,
Can you explain in hindi also
Many subscribers don’t understand hindi bro
where is the practical sesion video for all these 7 security steps ? Can any one ping here the link
do you mean docker snyk here?
yes
First view sir
Thanks alot
Bro. This security of kubernetes playliat or devops hero zero playlist confused with which playlist and what order should be flowed pls tell
This video is not part of devops zero to hero. Please check again.
This is only part of kubernetes playlist and if u want to learn kubernetes advanced u need to
Learn this
@@AbhishekVeeramalla understood bro thanks lot for detailed explanation