Understand Kubernetes API Access Control Mechanisms

Lab Steps

lock
Connecting to the Kubernetes Cluster
lock
Understanding Kubernetes Authentication
lock
Understanding Kubernetes Authorization
lock
Understanding Kubernetes Admission Control

The hands-on lab is part of this learning path

Ready for the real environment experience?

DifficultyBeginner
Time Limit1h
Students48
Ratings
5/5
starstarstarstarstar

Description

Kubernetes provides three access control layers to secure the Kubernetes API server:

  1. Authentication: Requests sent to the API server are authenticated to prove the identity of the requester, be it a normal user or a service account, and are rejected otherwise.
  2. Authorization: The action specified in the request must be in the list of actions the authenticated user is allowed to perform or it is rejected.
  3. Admission Control: Authorized requests must then pass through all of the admission controllers configured in the cluster (excluding read-only requests) before any action is performed.

You will gain a basic understanding of each layer and how each can impact requests sent to the cluster.

This lab is valuable to anyone working with Kubernetes, but the content has been prepared considering topics described in the Certified Kubernetes Application Developer (CKAD) Exam Curriculum. Completion of the lab will help you get hands-on experience, which is essential for passing the CKAD exam.

Learning Objectives

  • Understand authentication, authorization and admission control in the Kubernetes API

Intended Audience

  • Kubernetes admins and operators
  • Application developers and DevOps engineers deploying applications in containers and using or considering Kubernetes
  • This lab is recommended for Certified Kubernetes Application Developer (CKAD) examinees

Prerequisites

  • Knowledge of Kubernetes ServiceAccounts and Secrets
  • Experience with kubectl

You can complete the Mastering Kubernetes Pod Configuration: Service Accounts lab and the Mastering Kubernetes Pod Configuration: Config Maps and Secrets lab to satisfy the prerequisites.

Environment before
PREVIEW
arrow_forward
Environment after
PREVIEW
About the Author
Students111684
Labs180
Courses9
Learning paths30

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.