Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon
Labs

Protect a Kubernetes Cluster with AppArmor

AppArmor is a great way to provide additional security within a Kubernetes cluster. This lab will allow you to practice your skills with using AppArmor in Kubernetes by installing AppArmor in a cluster and using it to secure some containers.

Try for free Contact sales
Google Cloud Platform icon
Labs

Path Info

Level
Clock icon Advanced
Duration
Clock icon 30m
Published
Clock icon May 19, 2021

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Enforce the AppArmor Profile

    On both the control plane and worker servers, there is an AppArmor profile configuration file located at /home/cloud_user/apparmor-k8s-deny-write. Load the AppArmor profile represented in this file.

    The profile is called k8s-deny-write. It prevents the container from being able to write anything to disk. You will need to load the profile on both the control plane and worker servers.

  2. Challenge

    Configure the password-db Pod to Run Its Container Using the AppArmor Profile

    On the control plane server, there is a Pod in the auth namespace called password-db. This Pod is writing sensitive password information to a log file. The Pod does not actually need to write to the disk in order to its job.

    Apply the k8s-deny-write AppArmor profile to the Pod's container to prevent it from being able to write any sensitive data to the container file system. There is a manifest file or this Pod located at /home/cloud_user/password-db-pod.yml. Once you have made your changes to the manifest file, delete the Pod and use the manifest to re-create it.

    You can check the Pod's log to see whether it is writing sensitive information to the disk.

A Cloud Guru - Labs - Protect a Kubernetes Cluster with AppArmor
Author
A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans