Telco Cloud Kubernetes Security Project
About The Lab
Prerequisites
Audiences
Lab Architecture
The lab provides a hands-on environment built on a kubeadm-initialized Kubernetes cluster in which users deploy and manage containerized 5G network functions across separate namespaces for the RAN, the control plane, and the user plane. The architecture integrates Calico as the primary CNI and Multus for additional pod interfaces, NGINX Ingress for exposing services and Cert-Manager for issuing their TLS certificates, Harbor as the image registry with vulnerability scanning, and Keycloak for authentication.
Users configure RBAC, network policies, and hardened workloads, and work directly with core Kubernetes components such as etcd, giving a realistic simulation of Telco Cloud orchestration, security, and automation scenarios.
Why this Lab?
This lab provides hands-on experience in building and operating a Kubernetes cluster initialized with kubeadm to simulate a Telco Cloud environment. Participants deploy containerized 5G network functions (CNFs) across the different network planes (RAN, control, and user), configure networking with Calico and Multus, and segment traffic between the planes with network policies.
The lab also covers essential security and operations practices, including TLS-secured ingress, RBAC, ConfigMaps and Secrets management, policy enforcement (OPA Gatekeeper, Kyverno), system hardening (AppArmor), and image scanning with Harbor.
By working through these scenarios, participants develop practical skills in orchestration, network segmentation, and securing cloud-native 5G infrastructures.
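The per-plane segmentation described above, written out as an added example (not a manifest from the lab itself): a default-deny policy in the user-plane namespace, then a single allow rule for the N4 (PFCP, UDP 8805) interface from the SMF in the control-plane namespace. The namespace names, the `app: upf` / `app: smf` labels and the use of PFCP as the only permitted flow are assumptions for illustration; the `kubernetes.io/metadata.name` label is set automatically by Kubernetes on every namespace.

```yaml
# Added example: segment the user plane from the other planes.
# Assumed namespaces: ran, control-plane, user-plane (created by the lab).
---
# 1. Deny all ingress and egress for every pod in user-plane.
#    Calico enforces this on the primary (pod-network) interface.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: user-plane
spec:
  podSelector: {}            # empty selector = all pods in the namespace
  policyTypes:
    - Ingress
    - Egress
---
# 2. Re-open only what the UPF needs: PFCP (N4) from the SMF.
#    namespaceSelector AND podSelector inside one 'from' entry means
#    "pods labelled app=smf in the namespace named control-plane";
#    listing them as two separate entries would OR them instead.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-n4-from-smf
  namespace: user-plane
spec:
  podSelector:
    matchLabels:
      app: upf               # assumed label on the UPF pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: control-plane
          podSelector:
            matchLabels:
              app: smf       # assumed label on the SMF pods
      ports:
        - protocol: UDP
          port: 8805         # PFCP, 3GPP TS 29.244
---
# 3. Egress is still denied by policy 1; allow DNS so the UPF can
#    resolve in-cluster names (kube-dns lives in kube-system).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: user-plane
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Apply with `kubectl apply -f` and verify from a pod in `ran` that UDP 8805 to the UPF is refused while the same probe from an `app=smf` pod in `control-plane` succeeds. One caveat that matters in this lab: Kubernetes NetworkPolicy is enforced by the primary CNI (Calico here) on the pod's default interface only; traffic on Multus secondary interfaces (for example an N3 or N6 macvlan or SR-IOV attachment) is not covered by these objects and needs its own controls.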
Lab Objectives
- Set up a Kubernetes cluster using kubeadm.
- Deploy and manage containerized 5G network functions (CNFs).
- Organize workloads across RAN, control plane, and user plane namespaces.
- Configure networking using Calico and Multus for multi-interface communication.
- Implement network policies for traffic control and segmentation.
- Expose services securely using NGINX Ingress and TLS with Cert-Manager.
- Apply RBAC and resource quotas for access control and resource management.
- Manage application configuration using ConfigMaps and Secrets.
- Enforce policies using OPA Gatekeeper and Kyverno.
- Harden workloads with AppArmor and runtime isolation (gVisor).
- Secure container images using Harbor registry and vulnerability scanning.
- Implement authentication using Keycloak and OAuth2 Proxy.
- Encrypt Secrets at rest in etcd and enable API server audit logging for monitoring.
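The last objective, as an added example rather than configuration from the lab: an `EncryptionConfiguration` that encrypts Secrets at rest in etcd, an audit `Policy` that records Secret access without writing Secret contents to the log, and the kubeadm `ClusterConfiguration` fragment that wires both into the API server. File paths, key names and retention values are assumptions; the placeholder key must be replaced before use.

```yaml
# Added example. Assumed file layout on the control-plane node:
#   /etc/kubernetes/enc/enc.yaml        (this EncryptionConfiguration)
#   /etc/kubernetes/audit/policy.yaml   (the audit Policy below)
---
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    # Providers are tried in order for reads; the FIRST one is used for
    # writes. Keep 'identity' last so Secrets written before encryption
    # was enabled can still be read, then rewrite them (see note below).
    providers:
      - aescbc:
          keys:
            - name: key1
              # Placeholder. Generate with: head -c 32 /dev/urandom | base64
              secret: REPLACE_WITH_BASE64_32_BYTE_KEY
      - identity: {}
---
apiVersion: audit.k8s.io/v1
kind: Policy
omitStages:
  - RequestReceived          # skip the pre-handling stage, halves log volume
rules:
  # Record who touched Secrets and ConfigMaps, but only at Metadata level:
  # Request/RequestResponse would copy the Secret payload into the log.
  - level: Metadata
    resources:
      - group: ""
        resources: ["secrets", "configmaps"]
  # RBAC changes are rare and high value: keep the full request and response.
  - level: RequestResponse
    resources:
      - group: "rbac.authorization.k8s.io"
        resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
  # Drop noisy watches from kube-proxy.
  - level: None
    users: ["system:kube-proxy"]
    verbs: ["watch"]
  # Catch-all: metadata for everything else.
  - level: Metadata
---
# kubeadm wiring (v1beta3). extraArgs values must be strings, hence the
# quoted numbers. The API server runs as a static pod, so each host path
# has to be mounted in with extraVolumes.
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
apiServer:
  extraArgs:
    encryption-provider-config: /etc/kubernetes/enc/enc.yaml
    audit-policy-file: /etc/kubernetes/audit/policy.yaml
    audit-log-path: /var/log/kubernetes/audit/audit.log
    audit-log-maxage: "30"
    audit-log-maxbackup: "10"
    audit-log-maxsize: "100"
  extraVolumes:
    - name: enc
      hostPath: /etc/kubernetes/enc
      mountPath: /etc/kubernetes/enc
      readOnly: true
      pathType: DirectoryOrCreate
    - name: audit-policy
      hostPath: /etc/kubernetes/audit
      mountPath: /etc/kubernetes/audit
      readOnly: true
      pathType: DirectoryOrCreate
    - name: audit-log
      hostPath: /var/log/kubernetes/audit
      mountPath: /var/log/kubernetes/audit
      readOnly: false
      pathType: DirectoryOrCreate
```

Enabling the provider only affects Secrets written afterwards; force existing ones through the new provider with `kubectl get secrets --all-namespaces -o json | kubectl replace -f -`. To check the result, read one key directly from etcd with `etcdctl get /registry/secrets/<namespace>/<name>` (using the API server's etcd client certificates): the stored value should begin with `k8s:enc:aescbc:v1:key1:` rather than the plaintext. The encryption file itself is now the most sensitive file on the node, so keep it readable by root only.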