hands-on lab

Secure Containers in Kubernetes With AppArmor

Beginner
35m
5
5/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

AppArmor is a Linux kernel security module that helps confine programs to a limited set of resources to reduce an application’s attack surface. AppArmor allows for configurable profiles that permit the access needed by an application or container. AppArmor has been included in the mainline Linux kernel since version 2.6.36, is shipped with many Linux distributions, and Kubernetes added support for AppArmor in v1.4.

This lab focuses on the AppArmor profiles. AppArmor is highlighted as a reference tool in the Certified Kubernetes Security Specialist (CKS) exam. You will learn how to create an AppArmor profile and run a with a container within Kubernetes that has an AppArmor profile in this lab.

Learning objectives

Upon completion of this lab, you will be able to:

  • Configure and load an AppArmor profile
  • Use an AppArmor profile to secure a container
  • Execute commands to verify the AppArmor profile is loaded and running

Intended audience

  • Candidates for the Certified Kubernetes Security Specialist (CKS) exam
  • DevOps Engineers
  • Security Practitioners

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • Kubernetes Pods
  • kubectl output formatting

The following content can be used to fulfill the prerequisites:

Environment before
Environment after
About the author
Avatar
Daniel Wood
Lab Operations Specialist
Students
807
Labs
8

Daniel is a Cloud Engineer with experience as an AWS Engineer and Operations Specialist. He holds the AWS DevOps Engineer Professional, AWS Developer Associate, AWS SysOps Administrator Associate, Certified Kubernetes Administrator, Microsoft Certified: Azure Administrator Associate, and HashiCorp Certified: Terraform Associate certifications. Daniel is focused on lab operations and enjoys continuously building his knowledge.

Covered topics
Lab steps
Connecting to the Kubernetes Cluster
Configure an AppArmor Profile
Secure a Container With an AppArmor Profile