The course is aimed to help cluster operators adapt Kubernetes to the needs of their work and developers build Kubernetes-style APIs on the top of Kubernetes.

k8s-go.tar.gz

k8s-go-v2

go-env-v2

Kubernetes is a popular open-source container orchestration system that automates the deployment, scaling, and management of containerized applications. This course is designed to provide a comprehensive understanding of Kubernetes and its programming concepts. You’ll dive deep into advanced topics of Kubernetes.

This course will cover topics such as Kubernetes architecture, frameworks, plugins, and interfaces. You’ll also learn the powerful extensibilities of Kubernetes and make full use of these built-in capabilities to build your customized Kubernetes.

This course is ideal for developers, DevOps engineers, and system administrators who want to learn how to master Kubernetes. By the end of the course, you’ll have a solid understanding of Kubernetes, its programming concepts, and be able to deploy, scale, and manage containerized customizations on Kubernetes. You will also get hands-on experience extending Kubernetes to meet your requirements.

Programming with Kubernetes

## The security center of Kubernetes

The `kube-apiserver` is the heart of a Kubernetes cluster. All the system-level authentications (`AuthN`) and authorizations (`AuthZ`) are handled by it. `AuthX` usually refers to both `AuthN` and `AuthZ`. We can also say that the `kube-apiserver` is the security center of Kubernetes.

We could run the `kube-apiserver` with insecure settings, but that isn't suggested, especially in production environments. It's strongly suggested to enable transport layer security (TLS) between all the Kubernetes components. This helps improve the whole cluster's security.

Just as the graph below shows, all the requests that are being sent to the `kube-apiserver` need to pass through the authentication, authorization, and admission control stages, and then come to the final resource validation and persistent storing stages.

# The security center of Kubernetes

The `kube-apiserver` is the heart of a Kubernetes cluster. All the system-level authentications (`AuthN`) and authorizations (`AuthZ`) are handled by it. `AuthX` usually refers to both `AuthN` and `AuthZ`. We can also say that the `kube-apiserver` is the security center of Kubernetes.

We could run the `kube-apiserver` with insecure settings, but that isn't suggested, especially in production environments. It's strongly suggested to enable transport layer security (TLS) between all the Kubernetes components. This helps improve the whole cluster's security.

Just as the graph below shows, all the requests that are being sent to the `kube-apiserver` need to pass through the authentication, authorization, and admission control stages, and then come to the final resource validation and persistent storing stages.

Get introduced to authentication and authorization in Kubernetes.

Before Getting Started

Kubernetes Architecture

Customizing AuthX

Dynamic Admission Control

Customizing Schedulers

Extending APIs with CustomResourceDefinition (CRD)

Extending APIs with Aggregated APIServer

Container Network Interface

Container Runtime Interface

Extend kubectl

How to Write Good Kubernetes Operators

Assessment of Programming with Kubernetes

Wrap Up

Introduction to AuthX

The security center of Kubernetes