Securing Kubernetes Clusters

Lab Steps

Logging in to the Amazon Web Services Console
Understanding the Kubernetes Cluster Architecture
Connecting to the Virtual Machine using SSH with Agent Forwarding
Configuring Kubernetes Authentication
Configuring Kubernetes Authorization
Configuring Kubernetes Network Policies
Using Kubernetes Pod Security Contexts
Working with Kuberenetes Secrets
Validate AWS Lab

The hands-on lab is part of these learning paths

Building, Deploying, and Running Containers in Production
course-steps 5 certification 3 lab-steps 14 description 1
Certified Kubernetes Administrator (CKA) Exam Preparation
course-steps 4 certification 2 lab-steps 7

Ready for the real environment experience?

Time Limit2h
star star star star star-half


Lab Overview

There are many facets to security in Kubernetes. One small oversight can leave your cluster vulnerable to leaking sensitive data, running foreign workloads, and a host of other attacks. This Lab shows you how to practice defense in depth in Kubernetes by covering the main security concepts including authentication, authorization, network policies, security contexts, and secrets. Examples of potential exploits from improperly configured clusters are also illustrated followed by guidance on how to prevent the attacks.

This Lab is valuable to anyone working with Kubernetes, but the content has been prepared considering topics described in the Certified Kubernetes Administrator (CKA) Exam Curriculum. Completion of the Lab will help you get hands-on experience, which is essential for passing the CKA exam.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Understand Kubernetes' authentication model
  • Create users and groups in Kubernetes and use role-based access control for authorization
  • Configure network policies to control pod communication
  • Use pod and container security contexts to harden your environments
  • Securely store sensitive information using Kubernetes secrets

Lab Prerequisites

You should be familiar with:

  • Working with Kubernetes to deploy applications
  • Working at the command line in Linux
  • Public Key Infrastructure (PKI), particularly using OpenSSL to generate keys and certificates

The following Labs can be used to fulfill the prerequisites: Deploy a Stateless Application in a Kubernetes ClusterDeploy a Stateful Application in a Kubernetes Cluster, and Best Practices for Deploying SSL/TLS.


January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab

Environment before
Environment after

About the Author

Learning paths12

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), Linux Foundation Certified System Administrator (LFCS), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.