CloudAcademy

Securing Kubernetes Clusters

Lab Steps

  • Logging in to the Amazon Web Services Console
  • Understanding the Kubernetes Cluster Architecture
  • Connecting to the Virtual Machine using SSH with Agent Forwarding
  • Configuring Kubernetes Authentication
  • Configuring Kubernetes Authorization
  • Configuring Kubernetes Network Policies
  • Using Kubernetes Pod Security Contexts
  • Working with Kubernetes Secrets

Difficulty: Advanced
Duration: 2h
Students: 20

Description

Lab Overview

There are many facets to security in Kubernetes. One small oversight can leave your cluster vulnerable to leaking sensitive data, running foreign workloads, and a host of other attacks. This Lab shows you how to practice defense in depth in Kubernetes by covering the main security concepts, including authentication, authorization, network policies, security contexts, and secrets. Examples of potential exploits from improperly configured clusters are also illustrated, followed by guidance on how to prevent the attacks.

This Lab is valuable to anyone working with Kubernetes, but the content has been prepared considering topics described in the Certified Kubernetes Administrator (CKA) Exam Curriculum. Completion of the Lab will help you get hands-on experience, which is essential for passing the CKA exam.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Understand Kubernetes' authentication model
  • Create users and groups in Kubernetes and use role-based access control for authorization
  • Configure network policies to control pod communication
  • Use pod and container security contexts to harden your environments
  • Securely store sensitive information using Kubernetes secrets

Lab Prerequisites

You should be familiar with:

  • Working with Kubernetes to deploy applications
  • Working at the command line in Linux
  • Public Key Infrastructure (PKI), particularly using OpenSSL to generate keys and certificates

The following Labs can be used to fulfill the prerequisites: Deploy a Stateless Application in a Kubernetes Cluster, Deploy a Stateful Application in a Kubernetes Cluster, and Best Practices for Deploying SSL/TLS.

About the Author

Students: 7087
Labs: 59
Courses: 3
Learning paths: 2

Logan has been involved in software development and research for over eleven years, including six years in the cloud. He is an AWS Certified DevOps Engineer - Professional, MCSE: Cloud Platform and Infrastructure, and Certified Kubernetes Administrator (CKA). He earned his Ph.D. studying design automation and enjoys all things tech.
