
Explore how the Kubernetes controller manager on the master node enforces the desired state by coordinating with the scheduler to scale containers until actual matches desired.
Define Kubernetes role permissions by specifying verbs and resources to grant a service account access in a namespace, illustrating read access to pods and restricted cross-namespace actions.
Bind a role to a user or service account within a namespace using a role binding. Learn about api version, kind, metadata, subject, and roleRef fields and external authentication.
Set up a minikube kubernetes cluster on ubuntu by updating the system, installing docker, kubectl, and minikube, and enabling the ubuntu user to run docker without sudo.
Generate a client certificate to authenticate with a minikube cluster by signing a CSR with the minikube CA using OpenSSL, producing a signed user certificate valid for 365 days.
Create a role in the target namespace to grant get, list, and watch access to pods, defined in a YAML RBAC file and applied with kubectl.
Create a new kubernetes context for a user with limited permissions (list, watch, get) named mini user desk context, linking cluster mini cube and namespace my dash namespace.
Test RBAC permissions for pod creation and deletion in the my desk namespace using a DevOps user; verify allowed operations and restricted access in the default namespace.
Explore concrete use case scenarios for network policies, enabling traffic between specific ports, restricting all others, denying ingress or egress to certain namespaces, and implementing zero trust networking.
Start Minikube with the Cilium CNI, verify Cilium components, and practice restricting port-to-port communication with network policies between two nginx alpine pods.
Assess pod-to-pod connectivity in kubernetes by applying a default deny policy and refining it to allow only pod a to reach pod b, tested via kubectl exec and curl.
Kubernetes is the backbone of modern cloud-native applications, but securing its API and network communication is critical. In this course, you will learn how to protect your Kubernetes environment from unauthorized access, enforce security policies, and ensure encrypted communication between services.
Course Content
Architecture of the Kubernetes Cluster
Understanding the Kubernetes architecture with examples
Working with Kubernetes
Roles of the Master Node
Components of the Control Plane (Master Node)
API Server
Etcd
Scheduler
Controller Manager
Kubelet
Service Proxy
POD (Pod)
Container Engine (Docker, Containerd, or Rocket)
RBAC Policies for Securing Kubernetes API Access
Introduction
Key components of RBAC
How RBAC works in Kubernetes API Access?
How Role and RoleBinding Work Together
Kubernetes Roles: Defining Permissions and Access
Permissions Granted by Kubernetes Roles
Create a role
Bind the Role to a User or Service Account
Hands-On Lab: Implementing RBAC in Kubernetes
Introduction to Scenario-Based RBAC Exercises
Set Up a VM for a Minikube Cluster
Set Up a K8s Minikube Cluster – Part 1
Set Up a K8s Minikube Cluster – Part 2
Set Up a K8s Minikube Cluster – Part 3
Start the K8s Minikube Cluster
Create a Namespace and Run a Pod
Client Authentication using SSL/TLS Certificates
Overview of Client Certificate Generation
Generate a Private Key
Generate a Certificate Signing Request (CSR)
Sign a CSR with Minikube's CA to Generate a User Certificate
Set Client Credentials in Kubernetes Config
Verify User Credentials in Kubernetes Config
RBAC: Role and RoleBinding
Create a Role
Verify the Role and Its Associated Permissions
Create a RoleBinding to Assign a User
Test RBAC Permissions
Expand RBAC Permissions to Manage Pods in a Namespace
Generate a Private Key and CSR
Generate a User Certificate by Signing CSR with Minikube CA
Set User Credentials in Kubernetes (K8s)
Create a Role with Specific Permissions
Create a RoleBinding
RBAC Testing: Validate Permissions
Access the K8s Minikube Cluster as a User
List and Manage Kubernetes Contexts
Set Up a Kubernetes Context for a User
Verify RBAC Permissions in a New Context
Set Up a K8s Context for a Different User
Test RBAC Permissions for Pod Creation
Modify RBAC Role Permissions in K8s
Implement and Test Network Policies for Pod Communication
Introduction to Kubernetes Network Policies
Why Restrict Pod-To-Pod Communication?
Understanding K8s Network Policies and CNI Plugins
Example Use Case Scenarios
Hands-On Lab: Enforcing Pod-to-Pod Restrictions with Network Policies
Set Up a VM for a Kubernetes Cluster
Start Minikube with Cilium CNI
Deploy Two Pods and Assign Labels
Test Pod-to-Pod Connectivity with Curl
Create a Network Policy to Restrict Pod Communication
Verify Pod-to-Pod Connectivity is Blocked
Network Policy to Restrict Ingress and Egress Traffic
Configuring Network Policy for Selective Pod Communication
Overview of Selective Pod Communication
Network Policy for Selective Pod Communication
Test Pod Connectivity
Deploy a Pod and Verify Its Network Connectivity
Securing, Deploying, and Accessing Nginx in Kubernetes
Overview of Securing Nginx with HTTPS
Deploy and Expose a Nginx Pod to External Traffic
Access Nginx Web Server Through HTTP
Set Up Nginx on Host Machine for Accessing Nginx Pod
Access Nginx Web Server via Web Browser (HTTP Only)
Secure Nginx Server with HTTPS (TLS) on K8s Cluster
Deploy and Expose a Nginx Pod to External Traffic
Generate a self-signed TLS Certificate
Store the TLS Certificate as a Secret
Check Minikube’s Ingress Controller Status
Create Ingress Resource for HTTPS
Last lecture