Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Google Kubernetes Engine Security on Google Cloud Platform
27 students

Google Kubernetes Engine Security on Google Cloud Platform

A comprehensive guide to securing Google Kubernetes Engine (GKE) using RBAC, network policies, and best practices.
Created byShikhar Verma
Last updated 4/2025
English

What you'll learn

  • Set Up a K8s Cluster using GKE on Google Cloud Platform - GCP
  • Learn and Apply RBAC to Secure Kubernetes API Access
  • Hands-On RBAC: Secure Kubernetes Access with Practical Labs
  • Configure SSL/TLS Certificates for Kubernetes Client Authentication
  • Deploy Minikube Kubernetes Cluster on Google Cloud
  • Explore RBAC Components Like Roles and RoleBindings to Manage Cluster Access
  • Expand RBAC Permissions to enable users to manage Pods within a specific namespace.
  • List and Manage Kubernetes Contexts
  • Access and Work with a Minikube Kubernetes Cluster as a designated user with controlled privileges.
  • Design and Implement Network Policies to regulate Pod-to-Pod communication securely.
  • Enforce Pod-to-Pod Communication Restrictions using Network Policies in a hands-on lab session.
  • Configure Selective Network Policies to allow controlled communication between specific Pods.
  • Secure an Nginx Server on a Kubernetes cluster using HTTPS (TLS encryption) for enhanced security.
  • VM Remote Access: Using MobaXterm or PuTTY for Secure Connections

Course content

12 sections67 lectures3h 2m total length
  • Introduction1:38
  • The Kubernetes Cluster Architecture8:23
  • Learn Architecture Through Examples4:48

    Explore how a Kubernetes cluster handles an nginx deployment by stepping through API server, controller manager, scheduler, kubelet, and kube-proxy, illustrating pod creation, IP allocation, and fault recovery.

  • Getting Started with Kubernetes3:34
  • Control Plane Components in Kubernetes (Master Node)2:54
  • Kubernetes Scheduler: A Key Control Plane Component2:13
  • Kubernetes Controller Manager1:52

    The controller manager on the master node ensures the cluster's actual state matches the desired state, using the api server and scheduler to deploy containers.

Requirements

  • Basic Understanding of Kubernetes
  • Fundamental Knowledge of Linux Commands
  • Experience with Kubernetes CLI (kubectl)
  • Some Exposure to Cloud Platforms like Google Cloud Platform

Description

Understanding Kubernetes: Cluster Components and Architecture

  • Introduction

  • The Kubernetes Cluster Architecture

  • Learn Architecture Through Examples

  • Getting Started with Kubernetes

  • Control Plane Components in Kubernetes (Master Node)

  • Kubernetes Scheduler: A Key Control Plane Component

  • Kubernetes Controller Manager

Set Up a K8s Cluster on Google Kubernetes Engine (GKE)

  • Lab 1: Practical Kubernetes Cluster Setup

  • Lab 2: Practical Kubernetes Cluster Setup

  • Lab 3: Practical Kubernetes Cluster Setup

  • Lab 4: Practical Kubernetes Cluster Setup

RBAC Policies for Securing Kubernetes Cluster

  • Introduction

  • Key components of RBAC

  • How RBAC works?

  • How Role and RoleBinding Work Together

  • Kubernetes Roles: Defining Permissions and Access

  • Permissions Granted by Kubernetes Roles

  • Create a role

  • Bind the Role to a User or Service Account

Set Up a Minikube Kubernetes Cluster on Google Cloud

  • Project Overview

  • Launch VM for Minikube Cluster

  • Activate Cloud Shell and Connect to VM

  • Minikube Kubernetes Cluster Setup – Practical Lab 1

  • Minikube Kubernetes Cluster Setup – Practical Lab 2

  • Minikube Kubernetes Cluster Setup – Practical Lab 3

  • Start Minikube and Deploy Nginx Pod

Client Authentication using SSL/TLS Certificate

  • Set Up New Namespace & Launch Pod

  • Overview of Client Certificate Generation

  • Generate a Private Key

  • Generate a Certificate Signing Request (CSR)

  • Sign a CSR with Minikube's CA to Generate a User Certificate

  • Set and Verify Client Credentials in Kubernetes Config

RBAC: Role and RoleBinding

  • Create a Role

  • Create RoleBinding to Assign Role to User

  • Test RBAC Permissions

Access the K8s Minikube Cluster as a User

  • List and Manage Kubernetes Contexts

  • Set Up a New Context for a User

  • Verify RBAC Permissions with New Context

  • Modify and Test RBAC Role Permissions

Set Up and Verify Network Policies for Pods

  • Introduction to Kubernetes Network Policies

  • Why Restrict Pod-To-Pod Communication?

  • Understanding K8s Network Policies and CNI Plugins

  • Example Use Case Scenarios

Lab: Restrict Pod Communication Using Network Policies

  • Start Minikube with Cilium CNI

  • Create Two Pods with Labels

  • Verify Pod Connectivity Using Curl

  • Create Ingress Network Policy to Restrict Pod Access

  • Check if Pod-to-Pod Access is Blocked

  • Restrict Ingress/Egress Traffic with Network Policy

VM Remote Access: Using MobaXterm or PuTTY for Secure Connections

  • Deploy a Virtual Machine

  • Add User and Setup SSH Authentication

  • Create SSH Key Pair

  • Convert Private Key to .ppk Format

  • VM Access Troubleshooting

  • Deploy Minikube on Virtual Machine

  • Initialize Minikube Cluster

Secure Deployment and Access of Nginx on Kubernetes

  • Overview of Securing Nginx with HTTPS

  • Deploy and Expose a Nginx Pod to External Traffic

  • Access Nginx Web Server Through HTTP

  • Set Up Nginx on Host Machine for Accessing Nginx Pod

  • Access Nginx Web Server via Web Browser (HTTP Only)

Implement HTTPS for Nginx in a K8s Cluster Using TLS Certificates

  • Deploy and Expose a Nginx Pod to External Traffic

  • Generate a self-signed TLS Certificate

  • Store the TLS Certificate as a Secret

  • Check Minikube’s Ingress Controller Status

  • Create Ingress Resource for HTTPS

  • Last Lecture

Who this course is for:

  • DevOps Engineers – Looking to implement secure access controls and network policies in Kubernetes environments.
  • Cloud Engineers and Architects
  • IT Professionals & Enthusiasts – Anyone interested in learning Kubernetes security best practices.