Establishing a Private Cluster with a Secure Bastion Host
This lab uses the Kubernetes kops installer to initialize a private Kubernetes cluster with a secure bastion host. The student is guided through the use of an SSH agent to carry an RSA identity through to the bastion host, which gives access to the Kubernetes master node without having to copy the original RSA key from the jump box used to create the cluster. Finally, the student is shown that stopping the secure bastion host prevents any access to the Kubernetes nodes, as well as any deployment of workloads or use of the kubectl command.
This lab allows the student to initialize a Kubernetes cluster using the kops installer. The private topology is enabled and a bastion host is created by the kops utility. Once the cluster is initialized, the student is shown how to securely access it using an SSH agent. The kube-bench utility is run on the master node to evaluate the node's adherence to the CIS Security Benchmark. Lastly, the student is shown how to cut off all access to the cluster from outside the VPC by simply stopping the bastion host.