Google Kubernetes Engine Security on Google Cloud Platform

Posted By: lucky_aut

Last updated 4/2025
Duration: 3h 3m | .MP4 1280x720, 30 fps(r) | AAC, 44100 Hz, 2ch | 942 MB
Genre: eLearning | Language: English

A comprehensive guide to securing Google Kubernetes Engine (GKE) using RBAC, network policies, and best practices.

What you'll learn
- Set Up a K8s Cluster using GKE on Google Cloud Platform - GCP
- Learn and Apply RBAC to Secure Kubernetes API Access
- Hands-On RBAC: Secure Kubernetes Access with Practical Labs
- Configure SSL/TLS Certificates for Kubernetes Client Authentication
- Deploy Minikube Kubernetes Cluster on Google Cloud
- Explore RBAC Components Like Roles and RoleBindings to Manage Cluster Access
- Expand RBAC Permissions to enable users to manage Pods within a specific namespace.
- List and Manage Kubernetes Contexts
- Access and Work with a Minikube Kubernetes Cluster as a designated user with controlled privileges.
- Design and Implement Network Policies to regulate Pod-to-Pod communication securely.
- Enforce Pod-to-Pod Communication Restrictions using Network Policies in a hands-on lab session.
- Configure Selective Network Policies to allow controlled communication between specific Pods.
- Secure an Nginx Server on a Kubernetes cluster using HTTPS (TLS encryption) for enhanced security.
- VM Remote Access: Using MobaXterm or PuTTY for Secure Connections

Requirements
- Basic Understanding of Kubernetes
- Fundamental Knowledge of Linux Commands
- Experience with Kubernetes CLI (kubectl)
- Some Exposure to Cloud Platforms like Google Cloud Platform

Description
Understanding Kubernetes: Cluster Components and Architecture

Introduction

The Kubernetes Cluster Architecture

Learn Architecture Through Examples

Getting Started with Kubernetes

Control Plane Components in Kubernetes (Master Node)

Kubernetes Scheduler: A Key Control Plane Component

Kubernetes Controller Manager

Set Up a K8s Cluster on Google Kubernetes Engine (GKE)

Lab 1: Practical Kubernetes Cluster Setup

Lab 2: Practical Kubernetes Cluster Setup

Lab 3: Practical Kubernetes Cluster Setup

Lab 4: Practical Kubernetes Cluster Setup

RBAC Policies for Securing Kubernetes Cluster

Introduction

Key components of RBAC

How RBAC works?

How Role and RoleBinding Work Together

Kubernetes Roles: Defining Permissions and Access

Permissions Granted by Kubernetes Roles

Create a role

Bind the Role to a User or Service Account

Set Up a Minikube Kubernetes Cluster on Google Cloud

Project Overview

Launch VM for Minikube Cluster

Activate Cloud Shell and Connect to VM

Minikube Kubernetes Cluster Setup – Practical Lab 1

Minikube Kubernetes Cluster Setup – Practical Lab 2

Minikube Kubernetes Cluster Setup – Practical Lab 3

Start Minikube and Deploy Nginx Pod

Client Authentication using SSL/TLS Certificate

Set Up New Namespace & Launch Pod

Overview of Client Certificate Generation

Generate a Private Key

Generate a Certificate Signing Request (CSR)

Sign a CSR with Minikube's CA to Generate a User Certificate

Set and Verify Client Credentials in Kubernetes Config

RBAC: Role and RoleBinding

Create a Role

Create RoleBinding to Assign Role to User

Test RBAC Permissions

Access the K8s Minikube Cluster as a User

List and Manage Kubernetes Contexts

Set Up a New Context for a User

Verify RBAC Permissions with New Context

Modify and Test RBAC Role Permissions

Set Up and Verify Network Policies for Pods

Introduction to Kubernetes Network Policies

Why Restrict Pod-To-Pod Communication?

Understanding K8s Network Policies and CNI Plugins

Example Use Case Scenarios

Lab: Restrict Pod Communication Using Network Policies

Start Minikube with Cilium CNI

Create Two Pods with Labels

Verify Pod Connectivity Using Curl

Create Ingress Network Policy to Restrict Pod Access

Check if Pod-to-Pod Access is Blocked

Restrict Ingress/Egress Traffic with Network Policy

VM Remote Access: Using MobaXterm or PuTTY for Secure Connections

Deploy a Virtual Machine

Add User and Setup SSH Authentication

Create SSH Key Pair

Convert Private Key to .ppk Format

VM Access Troubleshooting

Deploy Minikube on Virtual Machine

Initialize Minikube Cluster

Secure Deployment and Access of Nginx on Kubernetes

Overview of Securing Nginx with HTTPS

Deploy and Expose a Nginx Pod to External Traffic

Access Nginx Web Server Through HTTP

Set Up Nginx on Host Machine for Accessing Nginx Pod

Access Nginx Web Server via Web Browser (HTTP Only)

Implement HTTPS for Nginx in a K8s Cluster Using TLS Certificates

Deploy and Expose a Nginx Pod to External Traffic

Generate a self-signed TLS Certificate

Store the TLS Certificate as a Secret

Check Minikube’s Ingress Controller Status

Create Ingress Resource for HTTPS

Last Lecture

Who this course is for:
- DevOps Engineers – Looking to implement secure access controls and network policies in Kubernetes environments.
- Cloud Engineers and Architects
- IT Professionals & Enthusiasts – Anyone interested in learning Kubernetes security best practices.