From ec67771eedf34735f62c851d63ecc2af8c04fff9 Mon Sep 17 00:00:00 2001 From: leandrocostam Date: Fri, 25 Feb 2022 09:39:32 +0100 Subject: [PATCH] feat: Add content to cluster setup section --- README.md | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4daa78e..6364553 100644 --- a/README.md +++ b/README.md 
@@ -32,16 +32,51 @@ Exam objectives that outline of the knowledge, skills and abilities that a Certi - Use Network security policies to restrict cluster level access + - [Kubernetes Documentation > Concepts > Services, Load Balancing, and Networking > Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) + - Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi) + - [CIS Security > Securing Kubernetes](https://www.cisecurity.org/benchmark/kubernetes) + - [Cloud Native Wiki - CIS Benchmark Best Practices](https://www.aquasec.com/cloud-native-academy/kubernetes-in-production/kubernetes-cis-benchmark-best-practices-in-brief/) + - [GitHub > Aqua Security > kube-bench](https://github.com/aquasecurity/kube-bench) + - Properly set up Ingress objects with security control + - [Kubernetes Documentation > Concepts > Services, Load Balancing, and Networking > Ingress > TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) + - Protect node metadata and endpoints + - [Kubernetes Documentation > Tasks > Administer a Cluster > Securing a Cluster](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access) + + ```yaml + # all pods in namespace cannot access metadata endpoint + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: cloud-metadata-deny + namespace: default + spec: + podSelector: {} + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 169.254.169.254/32 + ``` + - Minimize use of, and access to, GUI elements + - [Kubernetes Documentation > Tasks > Access Applications in a Cluster > Deploy and Access the Kubernetes Dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/#accessing-the-dashboard-ui) + - Verify platform binaries before deploying + - [Kubernetes Documentation > Tasks > Install Tools > Install and Set 
Up kubectl on Linux](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) + + > Note: Check the step 2 - validate binary + ## Cluster Hardening (15%) - Restrict access to Kubernetes API @@ -99,7 +134,7 @@ Exam objectives that outline of the knowledge, skills and abilities that a Certi # CKS Preparation Courses - [Certified Kubernetes Security Specialist (CKS) - A Cloud Guru (formerly Linux Academy)](https://acloudguru.com/course/certified-kubernetes-security-specialist-cks) -- [Udemy - Kubernetes CKS by Kim Wüstkamp)](https://www.udemy.com/course/certified-kubernetes-security-specialist/) +- [KodeKloud - Certified Kubernetes Security Specialist (CKS)](https://kodekloud.com/courses/certified-kubernetes-security-specialist-cks/) # kubectl Ninja
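Review bot: the `cloud-metadata-deny` NetworkPolicy added under "Protect node metadata and endpoints" (hunk `@@ -32,16 +32,51 @@`) is narrower than its comment "all pods in namespace cannot access metadata endpoint" suggests, and the README should say so. With `namespace: default` and `podSelector: {}` it is a per-namespace object that has to be created in every namespace (or stamped out by a policy controller) before "all pods" are covered; the `except` list blocks only the IPv4 link-local address `169.254.169.254/32`, so a dual-stack cluster whose provider also exposes an IPv6 metadata address is not protected; and NetworkPolicy is not guaranteed to apply to `hostNetwork: true` pods, which share the node's network namespace and reach the metadata service as the node does. Suggested comment: `# per-namespace policy: pods in this namespace (except hostNetwork pods) cannot reach the IPv4 metadata endpoint`, plus one sentence under the block noting that this is a pod-level control only and the provider-side hardening described in the linked "Restricting cloud metadata API access" section is still needed. In the same hunk, the note "Check the step 2 - validate binary" under "Verify platform binaries before deploying" is tied to the upstream page's current step numbering; quoting the checksum command from that step inline would keep the pointer valid if the install guide is reorganized.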
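Review bot: hunk `@@ -99,7 +134,7 @@` removes the Udemy course by Kim Wüstkamp from "CKS Preparation Courses" and puts the KodeKloud course in its place, a removal that the commit subject ("Add content to cluster setup section") does not mention. If the intent was to add a resource, keep the Udemy line (dropping the stray `)` after "Wüstkamp" in its link text) and add KodeKloud as a second `+` line; if the removal is deliberate, say why in the commit message so the history explains it.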