Day 54 - Kubernetes Pod Security Standard, Linux Capabilities, and Security Context

4.3K views
Premiered Jun 17, 2025
41:49

Welcome to Day 54 of the CKA 2025 series! In this video, we dive deep into essential concepts for securing your containerized applications on Kubernetes. We'll break down the Kubernetes Pod Security Standards (PSS) and why they are crucial for setting security policies across your clusters. Beyond policies, we'll explore the underlying Linux Capabilities mechanism – a powerful way to grant specific privileges to processes without giving them full root access, significantly reducing the attack surface. Finally, we'll connect these concepts by demonstrating how to implement granular security settings for your pods and containers using the `securityContext` field in your Kubernetes YAML manifests. You'll learn how to control user/group IDs, manage capabilities, prevent privilege escalation, and more.

By the end of this video, you'll have a solid understanding of how to leverage Kubernetes security features to build more secure applications. This is a must-watch for anyone running workloads on Kubernetes.

What you'll learn in this video:

* What the Kubernetes Pod Security Standards (PSS) are and their importance.
* How Linux Capabilities provide fine-grained permissions.
* How to configure `securityContext` in Kubernetes for pods and containers.
* Practical ways to enhance pod security using `securityContext` fields.
* Aligning your pod configurations with PSS best practices.

Timestamps:

00:00 Introduction to Kubernetes Security
01:35 Understanding Pod Security Standards (PSS)
05:10 Deep Dive into Linux Capabilities
10:45 Implementing Security Context in Kubernetes
18:00 Configuration Examples and Best Practices
24:30 Hands-on demo
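
To make the link between `securityContext` fields and the PSS "Restricted" profile concrete, here is an added example (not from the video or its repository): a simplified Python check of the `securityContext`-related Restricted controls over a Pod manifest in dict form. The two sample manifests, the image name and the UID are constructed, and the function is an illustration, not the built-in Pod Security Admission logic.

```python
# Added example: simplified check of securityContext settings against the
# Pod Security Standards "Restricted" profile (securityContext controls only).
ALLOWED_ADD = {"NET_BIND_SERVICE"}  # the only capability Restricted allows adding
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}

def restricted_violations(pod):
    """Return a list of findings for a Pod manifest given as a dict."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    containers = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        containers += spec.get(key) or []
    findings = []
    for c in containers:
        sc = c.get("securityContext") or {}
        name = c.get("name", "<unnamed>")
        # Container-level values override pod-level ones where both exist.
        eff = lambda field: sc.get(field, pod_sc.get(field))
        if sc.get("privileged") is True:
            findings.append(f"{name}: privileged must not be true")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation must be false")
        if eff("runAsNonRoot") is not True:
            findings.append(f"{name}: runAsNonRoot must be true")
        if eff("runAsUser") == 0:
            findings.append(f"{name}: runAsUser must not be 0")
        if (eff("seccompProfile") or {}).get("type") not in ALLOWED_SECCOMP:
            findings.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            findings.append(f"{name}: capabilities.drop must include ALL")
        extra = sorted(set(caps.get("add") or []) - ALLOWED_ADD)
        if extra:
            findings.append(f"{name}: capabilities.add not allowed: {', '.join(extra)}")
    return findings

# Constructed sample manifests (as yaml.safe_load or json.load would return them).
WEAK = {"spec": {"containers": [{
    "name": "app", "image": "example/app:1.0",
    "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}]}}
HARDENED = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "app", "image": "example/app:1.0",
        "securityContext": {"allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}}]}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, restricted_violations(pod) or "no findings")
```

The check covers only the `securityContext` controls; the Restricted profile also constrains volume types and host namespaces, which are outside this sketch.
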
GitHub repo: https://github.com/piyushsachdeva/CKA-2024/
CKA 2025 Labs from KodeKloud: https://kode.wiki/4d24Q9Z
KodeKloud free playground: https://kode.wiki/4dRmXA1

