Kubernetes security is a multi-layered concern spanning authentication, authorisation, pod-level controls, secrets management, and supply chain security. This lesson covers RBAC, ServiceAccounts, Pod Security Standards, secrets management, and image scanning.
┌──────────────────────────────────────────────┐
│  Layer 1: Authentication                     │
│  "Who are you?" (certs, tokens, OIDC)        │
├──────────────────────────────────────────────┤
│  Layer 2: Authorisation (RBAC)               │
│  "What can you do?" (roles, bindings)        │
├──────────────────────────────────────────────┤
│  Layer 3: Admission Control                  │
│  "Is this request allowed?" (webhooks, PSS)  │
├──────────────────────────────────────────────┤
│  Layer 4: Runtime Security                   │
│  "Is the pod behaving?" (seccomp, AppArmor)  │
├──────────────────────────────────────────────┤
│  Layer 5: Network Security                   │
│  "Who can talk to whom?" (NetworkPolicies)   │
└──────────────────────────────────────────────┘
RBAC controls who can perform which actions on which resources.
| Resource | Scope | Description |
|---|---|---|
| Role | Namespace | Defines permissions within a namespace |
| ClusterRole | Cluster | Defines permissions cluster-wide |
| RoleBinding | Namespace | Binds a Role/ClusterRole to a user/group |
| ClusterRoleBinding | Cluster | Binds a ClusterRole cluster-wide |
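The manifests below are an added example, not part of the original lesson. They show how the scopes in the table combine: a namespaced Role with its RoleBinding, and a RoleBinding that references a ClusterRole so the grant stays inside one namespace. The namespace `payments`, the user `jane` and the group `payments-devs` are assumptions made for illustration.

```yaml
# Constructed example: namespace, user and group names are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: payments
rules:
  - apiGroups: [""]                    # "" is the core API group (pods, services, ...)
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]    # read-only: no create, delete or exec
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jane-pod-reader
  namespace: payments                  # the grant applies in this namespace only
subjects:
  - kind: User
    name: jane
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
# A RoleBinding may reference a ClusterRole: the rules are defined once at
# cluster scope, but are granted only inside the binding's own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: devs-view
  namespace: payments
subjects:
  - kind: Group
    name: payments-devs
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view                           # built-in read-only ClusterRole
  apiGroup: rbac.authorization.k8s.io
# Binding the same ClusterRole with a ClusterRoleBinding would instead grant
# it in every namespace, so prefer the RoleBinding form unless cluster-wide
# access is actually required.
```

After applying, `kubectl auth can-i list pods --namespace payments --as jane` should answer `yes`, and the same check against any other namespace should answer `no`.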