Introduction

1. Introduction

Earlier in this course, you learned how to run workloads within a GKE cluster. Now you’ll focus on securing your cluster and applications by establishing appropriate access control mechanisms. This is essential for ensuring that only authorized users can perform specific actions within your GKE environment, thereby protecting your valuable resources. In this section titled, “Access Control and Security in Kubernetes and Google Kubernetes Engine”, you’ll explore Kubernetes authentication and authorization; examine Kubernetes role-based access controls and how it works with IAM to secure GKE clusters; configure Workload Identity to access Google Cloud services from within GKE; secure GKE with Kubernetes Pod Security Standards and Pod Security Admission; and implement Role-Based Access Control with GKE.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.

This exercise is part of the course

Architecting with Google Kubernetes Engine: Production

IntermediateSkill Level

5.0+

Start Course for Free

In this introduction, you'll explore the course goals and preview each section.

Exercise 1: Production Course introduction

In this section of the course, you'll learn about Kubernetes security, focusing on authentication and authorization. You'll explore Kubernetes Role-Based Access Control (RBAC) and its integration with IAM to secure GKE clusters. You'll also learn how to configure Workload Identity, secure GKE with Pod Security Standards and Pod Security Admission, and implement RBAC within your GKE environment.

Exercise 1: Introduction

Current Exercise

Exercise 2: Authentication and authorization Exercise 3: Kubernetes role-based access control Exercise 4: Workload Identity Exercise 5: Kubernetes control plane security Exercise 6: Pod security Exercise 7: PodSecurityAdmission Exercise 8: Quiz Question 1 Exercise 9: Quiz Question 2 Exercise 10: Quiz Question 3 Exercise 11: Quiz Question 4

In this section of the course, you'll learn how to monitor and log your Kubernetes applications using Google Cloud's observability tools. You'll configure Google Cloud Observability to monitor the availability and performance of your applications and gain hands-on experience inspecting logs using both the kubectl command and the Google Cloud Observability tools. You'll then learn how to configure GKE-native monitoring and logging, allowing you to proactively identify and troubleshoot issues within your Kubernetes clusters.

Exercise 1: Introduction Exercise 2: Google Cloud Observability Exercise 3: Cloud Logging Exercise 4: Cloud Monitoring Exercise 5: Inspecting logs with the kubectl command Exercise 6: Inspecting logs with Cloud Logging and Logging Agents Exercise 7: StackdriverMonitoringAndLogging16 Exercise 8: Quiz Question 1 Exercise 9: Quiz Question 2 Exercise 10: Quiz Question 3 Exercise 11: Quiz Question 4

In this section of the course, you'll explore the storage and database options available for your Kubernetes applications on Google Cloud. You'll compare managed and self-managed storage, learn about Cloud Storage for Kubernetes, and get an overview of Google Cloud's managed database services. You'll then learn how to securely connect to Cloud SQL from your GKE clusters and gain hands-on experience integrating Cloud SQL with Google Kubernetes Engine.

Exercise 1: Introduction Exercise 2: Using Google Cloud Services Exercise 3: Using Cloud Storage Exercise 4: Using Google Cloud Databases Exercise 5: Using Cloud SQL and SQL Auth Proxy Exercise 6: Comparing storage options Exercise 7: GKE and Cloud SQL Exercise 8: Quiz Question 1 Exercise 9: Quiz Question 2 Exercise 10: Quiz Question 3 Exercise 11: Quiz Question 4

In this section of the course, you'll discover the benefits of Continuous Integration and Continuous Delivery (CI/CD) for streamlining your development and deployment workflows. You'll learn what CI/CD is, why it's important, and how it can optimize application releases. You'll explore CI/CD tools supported by Google Cloud and learn Google's best practices for building CI/CD pipelines on Google Kubernetes Engine.

Exercise 1: Introduction Exercise 2: What is CI/CD?Exercise 3: Constructing a CI/CD pipeline Exercise 4: CI/CD tools available in Google Cloud Exercise 5: Best practices for using CI/CD on Google Cloud Exercise 6: CICD with cloud deploy Exercise 7: Quiz Question 1 Exercise 8: Quiz Question 2 Exercise 9: Quiz Question 3 Exercise 10: Quiz Question 4

The course closes with a summary of the key points covered in each section.

Exercise 1: Course summary

Student PDF links to all modules

Exercise 1: Course Resources