Free & Open Source Course

Teleport for Kubernetes

Learn to deploy, configure, and operate Teleport as the access layer for your Kubernetes clusters. From zero to a fully working setup with identity-based access, role-based controls, just-in-time privilege escalation, and full audit logging.

6
Modules
Intermediate
Level

Your Learning Path

1

Deploy Teleport on Kubernetes with Helm

2

Configure identity-based access with GitHub SSO

3

Implement fine-grained RBAC with defense in depth

4

Set up just-in-time access requests for incidents

5

Use audit logging and session recording

David Flanagan

Taught by

David Flanagan
Start Learning

Get Course Updates

Be the first to know when new modules are released

What you'll get:

  • Instant notifications for new modules
  • Access to course source code
  • Exclusive tips and best practices
  • Community support and Q&A

Course Overview

About this Course

Kubernetes access is broken by default. Long-lived kubeconfig credentials, shared identities, no revocation, and audit logs that can’t tell you who did what. This course fixes that.

Over six hands-on videos, you’ll deploy Teleport on Kubernetes from scratch using Helm, wire up GitHub SSO for identity-based authentication, build a two-layer RBAC model with defense in depth, implement just-in-time access requests for incident response, and explore Teleport’s audit logging and session recording capabilities.

Everything is built on the Teleport Community Edition, which is free and open source. Every video includes runnable demo scripts that you can execute on your own machine using a local Kind cluster — no cloud account required.

By the end of this course, you’ll have the foundations for securing your Kubernetes access with real identities, least privilege, time-bounded elevation, and a complete audit trail.

Course Content

Getting Started
2 modules
1

Introduction to Teleport for Kubernetes

Understand the problem with default Kubernetes access — long-lived credentials, no revocation, and audit gaps — and how Teleport solves it with short-lived certificates, real identities, and full audit logging.

2

Deploying a Teleport Cluster on Kubernetes

Deploy a working Teleport cluster on Kubernetes using Helm, with TLS certificates via cert-manager and an admin user ready to log in.

Access Control
2 modules
3

Identity-Based User Access & RBAC

Replace manually configured users with GitHub SSO authentication, map GitHub teams to Teleport roles, and access your Kubernetes clusters with short-lived certificates tied to real identities.

4

Two-Layer RBAC with Teleport Boundaries

Build a two-layer RBAC model where Teleport controls which Kubernetes groups a user's certificate carries, and Kubernetes RBAC controls what those groups can do — with deny rules creating hard security boundaries.

Advanced Features
2 modules
5

Just-in-Time Access for Incidents

Implement just-in-time access requests so nobody has standing admin privileges — when paged at 3 AM, engineers request temporary elevated access that is peer-reviewed and time-bounded.

6

Auditing and Session Recording

Explore Teleport's audit logging, session recording, and live session joining — every kubectl command, every exec session, tied to a real identity with full playback capabilities.

Course Resources

Teleport Documentation

Official Teleport documentation

Teleport GitHub Repository

Source code and community edition