Learning Path: Kubernetes Security

Kubernetes Authentication & Authorization

Authentication and Access Control are keystone controls for your Kubernetes Cluster. They are also the most attacked and compromised facet of Kubernetes Clusters: attackers make extensive use of weak permissions and privileges to compromise the entire cluster. In this class, we’ll take a comprehensive look at Authentication and Access Control, for which Kubernetes provides a plethora of options and configuration parameters.

You’ll learn how to enable Certificate Authentication and set up Service Accounts, and how to restrict the permissions of users and service accounts with Roles and RoleBindings scoped to namespaces or the cluster itself. You’ll also learn how to identify misconfigurations in Authentication and Access Control privileges within the cluster with the aid of automated tools.

Finally, you’ll be introduced to scalable Authentication and Access Control: integrating your Kubernetes Cluster with an Identity Provider using OAuth and OIDC, for federated and highly scalable Authentication and Access Control.

Beginner Proficiency
Cloud Security Expert
4 hours
14 lessons
1 Cloud Lab

Course Outline

  • Course Introduction
  • Course Pre-requisites
  • Certificates in Kubernetes
  • Kubernetes AuthN and AuthZ Overview
  • Authentication Modes and Authorization Models
  • Users, ServiceAccounts, RoleBindings and ClusterRoleBindings
  • Authorization Modes
  • Lab: Role Based Access Control Lab