- Lab
- Core Tech
Securing Kubernetes API and Network Policies for CKS
In this lab, you will use Minikube in a Kubernetes environment to practice securing API access with RBAC, enforcing network policies using Cilium CNI, and enabling TLS encryption for NGINX services with a self-signed certificate. A preconfigured Minikube cluster will be provided, along with pre-downloaded Docker images (NGINX and Cilium) on an Ubuntu server. You will deploy and configure an NGINX server, RBAC policies, network restrictions, and test pods to apply security best practices in a controlled Kubernetes environment.
Path Info
Table of Contents
-
Challenge
Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
-
Challenge
Enforcing Secure API Access with Kubernetes RBAC Policies
In this challenge, you will configure and enforce Role-Based Access Control (RBAC) policies to restrict access to the Kubernetes API. You will work within a dedicated namespace to enhance resource isolation and security. By the end of this lab, you will have hands-on experience creating namespaces, service accounts, roles, and role bindings, as well as testing RBAC permissions to strengthen Kubernetes security.
-
Challenge
Implement and Verify Network Policies for Restricting Pod-to-Pod Communication
You will manage communication between Pods in Kubernetes using network policies with Minikube and Cilium. In this challenge, you will learn how to control and restrict traffic between Pods based on security requirements. By implementing network policies, you will ensure that only authorized Pods communicate, strengthening the security of your Kubernetes setup and preventing unauthorized access.
With Cilium, you will gain advanced security and visibility over Pod-to-Pod traffic, making your network faster and more secure.
-
Challenge
Securing Nginx Server with HTTPS (TLS) on Minikube
In this challenge, you will deploy an Nginx server on Minikube, expose it over HTTPS using TLS encryption, and configure an Ingress resource to manage secure communications. The goal is to understand how to enable secure communication between Kubernetes components and services using encryption techniques such as TLS.
-
Challenge
The Last Challenge
Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.