Skip to content
hands-on lab

Securing Kubernetes Clusters

Difficulty: Advanced
Duration: Up to 2 hours
Students: 1,566
Rating: 4.7/5
Start lab
On average, students complete this lab in1h 10m
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
About
Author

Description

Warning:

This lab has been outdated and split into a set of smaller labs covering the topics in an easier-to-consume format.

Lab Overview

There are many facets to security in Kubernetes. One small oversight can leave your cluster vulnerable to leaking sensitive data, running foreign workloads, and a host of other attacks. This Lab shows you how to practice defense in depth in Kubernetes by covering the main security concepts including authentication, authorization, network policies, security contexts, and secrets. Examples of potential exploits from improperly configured clusters are also illustrated followed by guidance on how to prevent the attacks.

This Lab is valuable to anyone working with Kubernetes, but the content has been prepared considering topics described in the Certified Kubernetes Administrator (CKA) Exam Curriculum. Completion of the Lab will help you get hands-on experience, which is essential for passing the CKA exam.

 

Lab Objectives

Upon completion of this Lab you will be able to:

  • Understand Kubernetes' authentication model
  • Create users and groups in Kubernetes and use role-based access control for authorization
  • Configure network policies to control pod communication
  • Use pod and container security contexts to harden your environments
  • Securely store sensitive information using Kubernetes secrets

Lab Prerequisites

You should be familiar with:

  • Working with Kubernetes to deploy applications
  • Working at the command line in Linux
  • Public Key Infrastructure (PKI), particularly using OpenSSL to generate keys and certificates

The following Labs can be used to fulfill the prerequisites: Deploy a Stateless Application in a Kubernetes ClusterDeploy a Stateful Application in a Kubernetes Cluster, and Best Practices for Deploying SSL/TLS.

Updates

October 19th, 2022 - Updated to run Kubernetes 1.24

March 8th, 2022 - Resolved an issue causing an environment error

October 23rd, 2021 - Resolved an issue causing the Kubernetes cluster to fail to create

October 20th, 2021 - Updated lab to use EC2 Instance Connect

August 31st, 2020 - Updated lab for the new EC2 user interface

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab

Environment before

Environment after

Covered topics

Deployment
Compute
DevOps
Security
Kubernetes
Hands-on Lab UUID

Lab steps

0 of 9 steps completed.Use arrow keys to navigate between steps. Press Enter to go to a step if available.
  1. Logging In to the Amazon Web Services Console
  2. Understanding the Kubernetes Cluster Architecture
  3. Connecting to the Kubernetes Cluster Through a Bastion Host
  4. Configuring Kubernetes Authentication
  5. Configuring Kubernetes Authorization
  6. Configuring Kubernetes Network Policies
  7. Using Kubernetes Security Contexts
  8. Working with Kuberenetes Secrets
  9. Validate AWS Lab

Lab Rules