Configuring and Managing Kubernetes Security
This course will teach you the fundamentals needed to configure and manage security in Kubernetes clusters.
What you'll learn
In this course, Configuring and Managing Kubernetes Security, you’ll learn the foundations needed for securing access to your Kubernetes Cluster. First, you’ll explore Kubernetes security fundamentals, learning how authentication and authorization work to control access to the Kubernetes API. Then, you’ll learn how certificates are used in Kubernetes and how to create and manage certificates in your cluster. Next, you’ll learn how to create and manage kubeconfig files for accessing clusters and then configure cluster access for a new user. Finally, you’ll learn how to control access to the Kubernetes API with role based access controls. When you’re finished with this course you will have the skills needed to operate and manage security in Kubernetes clusters. This course can also help you prepare for your Certified Kubernetes Administrator (CKA) certification.
Table of contents
- Introduction, Course, and Module Overview 2m
- Securing the API Server and Authentication Plugins 6m
- Users in Kubernetes 3m
- Service Accounts and Service Account Credentials 4m
- Creating a Service Account and Defining a ServiceAccount in a Pod Spec 3m
- Demo: Investigating Certificate Based Authentication 5m
- Demo: Working with Service Accounts 4m
- Demo: Accessing the API Server Inside a Pod 5m
- Demo: Testing API Access with kubectl can-i with Impersonation 2m
- Authorization Plugins 2m
- Demo: Managing Authorization for Service Accounts 4m
- Module Review and What's Next! 1m
- Introduction, Course, and Module Overview 1m
- Certificates and PKI in Kubernetes 4m
- kubeconfig Files and Certificate-based Authentication 2m
- How Certificates Are Used in Kubernetes Clusters 2m
- Demo: Investigating PKI Setup on a Control Plane Node 3m
- Demo: Investigating a Control Plane Pod kubeconfig Configuration 5m
- Creating Certificates with the Certificate API 3m
- Creating a Certificate Signing Request in openssl 2m
- Creating a CertificateSigningRequest Object 2m
- Approving a CertificateSigningRequest and Retrieving a Certificate 1m
- Demo: Creating a Certificate Signing Request for a New User in openssl 2m
- Demo: Creating a CertificateSigningRequest Object, Approving a CertificateSigningRequest and Retrieving a Certificate 5m
- kubeconfig File Overview and Components 3m
- kubeconfig File - admin.conf 2m
- Creating a kubeconfig File Manually 3m
- Demo: Working with kubeconfig Files and Contexts 5m
- Demo: Creating a kubeconfig File for a New User 4m
- Demo: Using a new kubeconfig File with a New User 3m
- Demo: Creating a new Linux User and Configuring Cluster Access 2m
- Module Review and What's Next! 1m
- Introduction, Course, and Module Overview 1m
- Role Based Access Controls and API Objects for RBAC 2m
- Introducing Roles and ClusterRoles 2m
- Introducing RoleBinding and ClusterRoleBinding 2m
- What to Use When? 1m
- Using RBAC in Your Cluster 2m
- Default ClusterRoles 2m
- Defining Role, RoleBinding, ClusterRole, and ClusterRoleBinding 3m
- Creating a Role and a RoleBinding 5m
- Demo: Creating a Role and RoleBinding 5m
- Demo: Testing API Access with kubectl can-i and Impersonation 3m
- Demo: Creating a ClusterRole and ClusterRoleBinding 2m
- Demo: Creating a ClusterRole and RoleBinding 4m
- Demo: Giving a User Full Access to Deployments 4m
- Module Review and Thank You! 1m
About the author
Anthony is a Senior Principal Field Solution Architect at Pure Storage as well as a Pluralsight Author, a Microsoft Data Platform MVP, Linux Expert, and Corporate Problem Solver. Anthony designs solutions, deploys the technology, and provides expertise on business system performance, architecture, and security. Anthony has a Bachelors and Masters in Computer Science with research publications in high performance/low latency data access algorithms and spatial database systems.