Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Mastering Kubernetes API Security and Network Policies
Rating: 4.2 out of 5(18 ratings)
95 students

Mastering Kubernetes API Security and Network Policies

Learn to secure Kubernetes API, enforce network policies, and enhance cluster security for the CKS certification.
Created byShikhar Verma
Last updated 3/2025
English

What you'll learn

  • Understand and Implement RBAC Policies to secure Kubernetes API access effectively.
  • Gain Hands-On Experience by implementing Role-Based Access Control (RBAC) in Kubernetes through practical labs.
  • Configure Client Authentication using SSL/TLS certificates for secure Kubernetes communication.
  • Set Up and Manage Client Credentials in the Kubernetes configuration file.
  • Deep Dive into RBAC Components, including Roles and RoleBindings, to control access within the cluster.
  • Expand RBAC Permissions to enable users to manage Pods within a specific namespace.
  • Access and Work with a Minikube Kubernetes Cluster as a designated user with controlled privileges.
  • Design and Implement Network Policies to regulate Pod-to-Pod communication securely.
  • Enforce Pod-to-Pod Communication Restrictions using Network Policies in a hands-on lab session.
  • Configure Selective Network Policies to allow controlled communication between specific Pods.
  • Secure an Nginx Server on a Kubernetes cluster using HTTPS (TLS encryption) for enhanced security.

Course content

12 sections70 lectures3h 17m total length
  • Introduction to the Course Module2:42
  • The Kubernetes Cluster Architecture8:23
  • Learn Architecture Through Examples4:48
  • Getting Started with Kubernetes3:34
  • Control Plane Components in Kubernetes (Master Node)2:54
  • Kubernetes Scheduler: A Key Control Plane Component2:13
  • Kubernetes Controller Manager1:52

    Explore how the Kubernetes controller manager on the master node enforces the desired state by coordinating with the scheduler to scale containers until actual matches desired.

Requirements

  • Basic Understanding of Kubernetes
  • Fundamental Knowledge of Linux Commands
  • Familiarity with YAML
  • Experience with Kubernetes CLI (kubectl)
  • Some Exposure to Cloud Platforms like AWS

Description

Kubernetes is the backbone of modern cloud-native applications, but securing its API and network communication is critical. In this course, you will learn how to protect your Kubernetes environment from unauthorized access, enforce security policies, and ensure encrypted communication between services.

Course Content


Architecture of the Kubernetes Cluster

  • Understanding the Kubernetes architecture with examples

  • Working with Kubernetes

  • Roles of the Master Node

  • Components of the Control Plane (Master Node)

    API Server

    Etcd

    Scheduler

    Controller Manager

  • Kubelet

  • Service Proxy

  • POD (Pod)

  • Container Engine (Docker, Containerd, or Rocket)

RBAC Policies for Securing Kubernetes API Access

  • Introduction

  • Key components of RBAC

  • How RBAC works in Kubernetes API Access?

  • How Role and RoleBinding Work Together

  • Kubernetes Roles: Defining Permissions and Access

  • Permissions Granted by Kubernetes Roles

  • Create a role

  • Bind the Role to a User or Service Account

Hands-On Lab: Implementing RBAC in Kubernetes

  • Introduction to Scenario-Based RBAC Exercises

  • Set Up a VM for a Minikube Cluster

  • Set Up a K8s Minikube Cluster – Part 1

  • Set Up a K8s Minikube Cluster – Part 2

  • Set Up a K8s Minikube Cluster – Part 3

  • Start the K8s Minikube Cluster

  • Create a Namespace and Run a Pod

Client Authentication using SSL/TLS Certificates

  • Overview of Client Certificate Generation

  • Generate a Private Key

  • Generate a Certificate Signing Request (CSR)

  • Sign a CSR with Minikube's CA to Generate a User Certificate

  • Set Client Credentials in Kubernetes Config

  • Verify User Credentials in Kubernetes Config

RBAC: Role and RoleBinding

  • Create a Role

  • Verify the Role and Its Associated Permissions

  • Create a RoleBinding to Assign a User

  • Test RBAC Permissions

Expand RBAC Permissions to Manage Pods in a Namespace

  • Generate a Private Key and CSR

  • Generate a User Certificate by Signing CSR with Minikube CA

  • Set User Credentials in Kubernetes (K8s)

  • Create a Role with Specific Permissions

  • Create a RoleBinding

  • RBAC Testing: Validate Permissions

Access the K8s Minikube Cluster as a User

  • List and Manage Kubernetes Contexts

  • Set Up a Kubernetes Context for a User

  • Verify RBAC Permissions in a New Context

  • Set Up a K8s Context for a Different User

  • Test RBAC Permissions for Pod Creation

  • Modify RBAC Role Permissions in K8s

Implement and Test Network Policies for Pod Communication

  • Introduction to Kubernetes Network Policies

  • Why Restrict Pod-To-Pod Communication?

  • Understanding K8s Network Policies and CNI Plugins

  • Example Use Case Scenarios

Hands-On Lab: Enforcing Pod-to-Pod Restrictions with Network Policies

  • Set Up a VM for a Kubernetes Cluster

  • Start Minikube with Cilium CNI

  • Deploy Two Pods and Assign Labels

  • Test Pod-to-Pod Connectivity with Curl

  • Create a Network Policy to Restrict Pod Communication

  • Verify Pod-to-Pod Connectivity is Blocked

  • Network Policy to Restrict Ingress and Egress Traffic

Configuring Network Policy for Selective Pod Communication

  • Overview of Selective Pod Communication

  • Network Policy for Selective Pod Communication

  • Test Pod Connectivity

  • Deploy a Pod and Verify Its Network Connectivity

Securing, Deploying, and Accessing Nginx in Kubernetes

  • Overview of Securing Nginx with HTTPS

  • Deploy and Expose a Nginx Pod to External Traffic

  • Access Nginx Web Server Through HTTP

  • Set Up Nginx on Host Machine for Accessing Nginx Pod

  • Access Nginx Web Server via Web Browser (HTTP Only)

Secure Nginx Server with HTTPS (TLS) on K8s Cluster

  • Deploy and Expose a Nginx Pod to External Traffic

  • Generate a self-signed TLS Certificate

  • Store the TLS Certificate as a Secret

  • Check Minikube’s Ingress Controller Status

  • Create Ingress Resource for HTTPS

  • Last lecture

Who this course is for:

  • DevOps Engineers – Looking to implement secure access controls and network policies in Kubernetes environments.
  • Cloud Engineers & Architects
  • Software Developers
  • IT Professionals & Enthusiasts – Anyone interested in learning Kubernetes security best practices.