Secure Workloads in Google Kubernetes Engine
Advanced 7 Steps 8 hours 53 Credits
Get Anthos Ready. This second Google Kubernetes Engine-centric Quest of best practices hands-on labs focuses on security at scale when deploying and managing production GKE environments -- specifically role-based access control, hardening, VPC networking, and binary authorization. Complete this quest, including the the challenge lab at the end, to receive an exclusive Google Cloud digital badge.
Prerequisites:It is recommended that students have completed the first Quest in this series Google Kubernetes Best Practices before attempting these labs.
This lab teaches you how to migrate a stateless application from running on a VM to running on Kubernetes Engine (GKE). You will learn about the lifecycle of an application transitioning from a typical VM/OS-based deployment to three different containerized cloud infrastructure platforms.
In this lab you learn how to improve the security of your Kubernetes Engine by applying fine-grained restrictions to limit intra-cluster network communication.
After provisioning two service accounts to represent user personas and three namespaces: dev, test, and prod, you will test the access controls of the personals in each namespace.
This lab deploys a Kubernetes Engine Cluster with the Binary Authorization feature enabled; you'll learn how to whitelist approved container registries and the process of creating and running a signed container.
In this lab you will learn how Kubernetes Engine security features can be used to grant varying levels of privilege to applications based on their particular requirements
This lab demonstrates some of the security concerns of a default GKE cluster configuration and the corresponding hardening measures to prevent multiple paths of pod escape and cluster privilege escalation
This challenge lab tests your skills and knowledge from the labs in the Kubernetes in Google Cloud quest. You should be familiar with the content of the labs before attempting this lab.