INSTRUCTOR-LED COURSE

Zero Trust Security with SPIFFE and SPIRE (LFS482)

Learn to solve Zero Trust architectural challenges by leveraging SPIFFE and SPIRE.

Who Is It For

This course is designed for developers, system administrators, security professionals, and architects involved in designing, deploying, and operating medium to large microservice-based systems.
What You’ll Learn

This course discusses the patterns and practices necessary for the adoption of Zero Trust Networking, as well as Zero Trust networking implementation models, use cases, scenarios, and outcomes enabled by open source software. You will install, make changes to, and operate SPIFFE and SPIRE deployments and harden your organization’s security postures by operationalizing a “least privilege” authorization model.
What It Prepares You For

Upon completion, you’ll be able to plan and implement a Zero Trust security roadmap tailored to your organization, identify security gaps and configure features and functions in an existing infrastructure and application platform environment, and much more.
Course Outline
Introduction
- The Linux Foundation
- The Linux Foundation Training
- The Linux Foundation Certifications
- The Linux Foundation Digital Badges
- Laboratory Exercises, Solutions and Resources
- Things Change in Linux and Open Source Projects
- Distribution Details
- Labs
Module 1 - Course Introduction
- Introduction and Course Flow
- Acknowledgements
- Lab 00: Setup
Module 2 - Foundations of Zero Trust
- Objectives
- Introduction to Zero Trust
- Cryptography Fundamentals
- Lab 1: Getting Hands on with PKI
- Authentication, Identity Documents and Authorization
- Module Summary
- Knowledge Test
Module 3 - SPIFFE and SPIRE Concepts
- Objectives
- Introduction to SPIFFE/SPIRE
- SPIFFE Concepts
- SPIRE Components
- Lab 2: Installing and Configuring SPIRE from Binaries
- Module Summary
- Knowledge Test
Module 4 - Using SPIRE
- Objectives
- Configuring SPIRE
- Managing Registration Entries
- Deploying SPIRE
- Lab 3: Setup SPIRE on Kubernetes with Kind
- Module Summary
- Knowledge Test
Module 5 - Workload Identities
- Objectives
- Managing SVIDS
- Lab 4: Getting SVIDS with SPIFFE-Helper
- SVID Operations with Client Libraries
- Lab 5: Using the Workload API with go-spiffe
- Module Summary
- Knowledge Test
Module 6 - AuthZ and Policy Engines
- Objectives
- Introduction to Authorization
- Policy Languages and Tools
- Policy Engines
- Open Policy Agent (OPA)
- Lab 6: Navigating Basic Authorization with Open Policy Agent
- Additional Policy Engines & DSLs
- Module Summary
- Knowledge Test
Module 7 - SPIRE and AuthZ
- Objectives
- AuthZ for the SPIRE Server
- Network AuthZ
- Building an AuthZ Architecture
- Service Mesh
- Zero Trust in Service Mesh
- Lab 7: Integrating SPIRE with OPA and Envoy
- Designing the SPIFFE ID Schema
- SPIRE and OIDC
- Lab 08: OpenID Connect Discovery
- Module Summary
- Knowledge Test
Module 8 - SPIRE Architecture Considerations
- SPIRE Architecture Considerations
- Scaling and Growing SPIRE
- Lab 9: Deploying SPIRE in High Availability Mode
- SPIRE Architectures Continued
- Lab 10: Advanced Configuration 1 - Nested SPIRE
- Federated SPIRE
- Lab 11: Advanced Configuration 2 - Federated SPIRE
- Deployment Sizing Considerations
- Module Summary
- Knowledge Test
Module 9 - SPIRE Day Two Ops
- SPIRE Day Two Operations
- Day Two Operations
- Disaster Recovery
- Resources
- Module Summary
- Knowledge Test
Module 10 - The SPIFFE Ecosystem
- The SPIFFE Ecosystem
- Open Source Integrations
- Vendor integrations
- Summary of SPIRE Integrations
- Lab 12: Cilium with SPIRE
- Module Summary
- Knowledge Test
Solutions
- Module 2 Knowledge Test Solutions
- Module 3 Knowledge Test Solutions
- Module 4 Knowledge Test Solutions
- Module 5 Knowledge Test Solutions
- Module 6 Knowledge Test Solutions
- Module 7 Knowledge Test Solutions
- Module 8 Knowledge Test Solutions
- Module 9 Knowledge Test Solutions
- Module 10 Knowledge Test Solutions
Closing and Evaluation Survey
- Evaluation Survey

Prerequisites
Students should have practical experience with cloud computing platforms, deploying and managing Kubernetes clusters, and be familiar with Linux systems and command-line operations.