This course explores how to secure your deployment pipelines on GCP. We will cover the four main techniques to securely build and deploy containers using Google Cloud. You will follow along with guided demonstrations from Google Cloud Platform so that you get a practical understanding of the techniques covered.
If you have any feedback relating to this course, please contact us at support@cloudacademy.com.
Learning Objectives
By completing this course, you will understand:
- The advantages of using Google managed base images
- How to detect security vulnerabilities in containers using Container Analysis
- How to create and enforce GKE deployment policies using Binary Authorization
- How to prevent unauthorized changes to production using IAM
Intended Audience
This course is intended for:
- Infrastructure/Release engineers interested in the basics of building a secure CI/CD pipeline in GCP
- Security professionals who want to familiarize themselves with some of the common security tools Google provides for container deployment
- Anyone taking the Google “Professional Cloud DevOps Engineer” certification exam
Prerequisites
To get the most out of this course, you should be familiar with:
- Building CI/CD pipelines
- Building containers and deploying them to Kubernetes
- Setting up IAM roles and policies
All right. Well, time to wrap things up by reviewing everything I covered. In this course, I presented four techniques for building a secure deployment pipeline. First, by using managed base images from the GCP Marketplace. This will ensure that your containers have the latest operating system security patches. Second, by scanning your container images stored in your container and artifact registry with Container Analysis. This will help identify security problems and give you details about their severity in addition to any known fixes. Third, by using Binary Authorization to define and enforce policies for your Kubernetes clusters. This will ensure every image that makes it to production has passed every defined checkpoint. And finally, by configuring custom IAM policies with minimal permissions to ensure that no one can bypass your new security policies.
Well, that's all I have for you today. Remember to give this course a rating. And if you have any questions or comments, please let us know. Thank you for watching and make sure to check out our many other courses on Cloud Academy.
Daniel began his career as a Software Engineer, focusing mostly on web and mobile development. After twenty years of dealing with insufficient training and fragmented documentation, he decided to use his extensive experience to help the next generation of engineers.
Daniel has spent his most recent years designing and running technical classes for both Amazon and Microsoft. Today at Cloud Academy, he is working on building out an extensive Google Cloud training library.
When he isn’t working or tinkering in his home lab, Daniel enjoys BBQing, target shooting, and watching classic movies.