Kubernetes provides three access control layers to secure the Kubernetes API server:

1. Authentication: Requests sent to the API server are authenticated to prove the identity of the requester, be it a normal user or a service account, and are rejected otherwise.
2. Authorization: The action specified in the request must be in the list of actions the authenticated user is allowed to perform or it is rejected.
3. Admission Control: Authorized requests must then pass through all of the admission controllers configured in the cluster (excluding read-only requests) before any action is performed.

You will gain a basic understanding of each layer and how each can impact requests sent to the cluster.

This lab is valuable to anyone working with Kubernetes, but the content has been prepared considering topics described in the Certified Kubernetes Application Developer (CKAD) Exam Curriculum. Completion of the lab will help you get hands-on experience, which is essential for passing the CKAD exam.

Learning Objectives

• Understand authentication, authorization and admission control in the Kubernetes API

Intended Audience

• Kubernetes admins and operators
• Application developers and DevOps engineers deploying applications in containers and using or considering Kubernetes
• This lab is recommended for Certified Kubernetes Application Developer (CKAD) examinees

Prerequisites

• Knowledge of Kubernetes ServiceAccounts and Secrets
• Experience with kubectl

You can complete the Mastering Kubernetes Pod Configuration: Service Accounts lab and the Mastering Kubernetes Pod Configuration: Config Maps and Secrets lab to satisfy the prerequisites.

Updates

September 6th, 2022 - Updated to run Kubernetes 1.24