Securing a GKE cluster requires a defence-in-depth approach — controlling who can access the cluster (authentication and authorisation), what pods can communicate with each other (network policies), and how workloads access Google Cloud services (Workload Identity). This lesson covers the key security controls available in GKE.
GKE uses Google Cloud IAM for cluster authentication. Users and service accounts authenticate using their Google Cloud credentials.

| Role | Permissions |
|---|---|
| roles/container.admin | Full access to clusters and workloads |
| roles/container.clusterAdmin | Full access to cluster management (not workloads) |
| roles/container.developer | Deploy workloads, read cluster state |
| roles/container.viewer | Read-only access to clusters and workloads |
Kubernetes RBAC controls what authenticated users and service accounts can do within the cluster. RBAC uses four key resources:
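To show how the IAM roles above and Kubernetes RBAC fit together, here is an added example (not from the lesson) of two of the RBAC resources, a Role and a RoleBinding, that scope one developer to a single namespace. It assumes a placeholder namespace `payments` and a placeholder account `dev@example.com`; because GKE authorisation is the union of IAM and RBAC, this scoping only holds when the account's IAM grant is limited to fetching cluster credentials (for example roles/container.clusterViewer) rather than roles/container.developer, which already grants access to Kubernetes objects across the whole cluster.

```yaml
# Added example, not from the lesson: a namespace-scoped Role and a RoleBinding
# giving one developer edit rights in the "payments" namespace only.
# Assumptions: the namespace "payments" and the account dev@example.com are
# placeholders. The account must also hold an IAM role that permits fetching
# cluster credentials (e.g. roles/container.clusterViewer), otherwise the
# kubeconfig step fails before RBAC is ever consulted.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: payments-developer
  namespace: payments   # a Role is always namespaced; ClusterRole is the cluster-wide form
rules:
  # Manage workloads in this namespace only. No wildcard ("*") verbs or resources.
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # Secrets are deliberately read-only; widening this is a common over-grant.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
  # Intentionally absent: "pods/exec", "pods/portforward" and any RBAC resources,
  # so the holder cannot shell into pods or widen their own permissions.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: payments-developer-binding
  namespace: payments
subjects:
  # On GKE, IAM identities are seen by RBAC as their email address:
  # a Google account as kind: User (a Google Cloud service account likewise by its email).
  - kind: User
    name: dev@example.com   # placeholder
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: payments-developer
  apiGroup: rbac.authorization.k8s.io
```

After applying the manifest with `kubectl apply -f`, verify the effective permissions with `kubectl auth can-i --list --as=dev@example.com -n payments` and confirm that the same command with `-n default` returns nothing.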