Free & Open Source Course

Teleport for Kubernetes

Learn to deploy, configure, and operate Teleport as the access layer for your Kubernetes clusters. From zero to a fully working setup with identity-based access, role-based controls, just-in-time privilege escalation, and full audit logging.

Modules
6

Planned lessons across the course.

Live Now
6

Start with the published path today.

Pace
Self-paced

Structured for self-paced study.

Level
Intermediate

Real implementation detail, not fluff.

Learning Path

The course follows a clear sequence so each module pays off in the next one.

5 steps

01

Deploy Teleport on Kubernetes with Helm

02

Configure identity-based access with GitHub SSO

03

Implement fine-grained RBAC with defense in depth

04

Set up just-in-time access requests for incidents

05

Use audit logging and session recording

David Flanagan

Taught by

David Flanagan

Jump to the curriculum
Course Overview

What this course covers

Use this as the editorial overview before diving into the curriculum below.

About this Course

Kubernetes access is broken by default. Long-lived kubeconfig credentials, shared identities, no revocation, and audit logs that can’t tell you who did what. This course fixes that.

Over six hands-on videos, you’ll deploy Teleport on Kubernetes from scratch using Helm, wire up GitHub SSO for identity-based authentication, build a two-layer RBAC model with defense in depth, implement just-in-time access requests for incident response, and explore Teleport’s audit logging and session recording capabilities.

Everything is built on the Teleport Community Edition, which is free and open source. Every video includes runnable demo scripts that you can execute on your own machine using a local Kind cluster — no cloud account required.

By the end of this course, you’ll have the foundations for securing your Kubernetes access with real identities, least privilege, time-bounded elevation, and a complete audit trail.

Curriculum

Course content

Published modules are ready now. Planned lessons stay visible so the path is obvious.

Curriculum
6

Modules planned across the course.

Available
6

Everything in the outline is live.

Runtime
Self-paced

Published lessons ready to watch now.

Getting Started

2 lessons ready right now.

2 modules
1

Introduction to Teleport for Kubernetes

Understand the problem with default Kubernetes access — long-lived credentials, no revocation, and audit gaps — and how Teleport solves it with short-lived certificates, real identities, and full audit logging.

2

Deploying a Teleport Cluster on Kubernetes

Deploy a working Teleport cluster on Kubernetes using Helm, with TLS certificates via cert-manager and an admin user ready to log in.

Access Control

2 lessons ready right now.

2 modules
3

Identity-Based User Access & RBAC

Replace manually configured users with GitHub SSO authentication, map GitHub teams to Teleport roles, and access your Kubernetes clusters with short-lived certificates tied to real identities.

4

Two-Layer RBAC with Teleport Boundaries

Build a two-layer RBAC model where Teleport controls which Kubernetes groups a user's certificate carries, and Kubernetes RBAC controls what those groups can do — with deny rules creating hard security boundaries.

Advanced Features

2 lessons ready right now.

2 modules
5

Just-in-Time Access for Incidents

Implement just-in-time access requests so nobody has standing admin privileges — when paged at 3 AM, engineers request temporary elevated access that is peer-reviewed and time-bounded.

6

Auditing and Session Recording

Explore Teleport's audit logging, session recording, and live session joining — every kubectl command, every exec session, tied to a real identity with full playback capabilities.