Week 16: Security & Compliance

Theme: Security scanning, pod security standards, supply chain security, compliance frameworks.

Learning Objectives

  1. Implement Pod Security Standards (Baseline, Restricted)
  2. Set up container image signing with Cosign
  3. Implement admission controllers (OPA Gatekeeper or Kyverno)
  4. Understand compliance frameworks (PCI-DSS, SOC2, ISO 27001)

Reading Materials

Finger Exercises (choose 2)

  1. Apply a Pod Security Standard of "Restricted" to the prod namespace. Fix the Go app Deployment to comply.
  2. Sign a container image with Cosign (keyless mode). Verify the signature before deployment in CI.
  3. Write a Kyverno policy: deny images with :latest tag. Only allow semver-tagged images.

Project

Time Budget

ActivityTime
Reading1.5 hrs
Finger exercises1.5 hrs
Project3 hrs
Total6 hrs