In this AKS-centric workshop, participants will work closely with Calico Cloud, a comprehensive networking and security solution provided by Tigera. Throughout the workshop, we will explore a range of security features and best practices tailored for AKS deployments, learning to implement robust network security measures, enforce access controls, and fortify AKS environments against potential threats.
The purpose of this repository is to offer you a comprehensive, step-by-step guide on registering your AKS cluster on Calico Cloud, and securing your cloud-native applications to meet compliance requirements. Although Calico Cloud provides a wide range of functionalities and security features, this workshop will concentrate on a few key features used to protect your workload in runtime and deployment time. If you would like to delve deeper into this topic, please don't hesitate to contact us.
The estimated time to complete this workshop is 60-90 minutes.
- Cloud Professionals
- DevSecOps Professional
- Site Reliability Engineers (SRE)
- Solutions Architects
- Anyone interested in Calico Cloud :)
Learn how to:
- Scan container images and block deployment of vulnerable images.
- Preview and enforce security policies to protect vulnerable workloads.
- Implement zero-trust access controls and micro-segmentation to improve the security posture.
⚠️ For this workshop, you are expected to have access to a previously created AKS cluster.
-
Please, follow the instructions on the repository below if you don't have it ready:
-
We will run this workshop from the Azure Cloud Shell, as described in that repository.
-
To start your cluster, reload the environment variables create in your Azure Cloud Shell first and then start the cluster. Use the following command:
source ~/workshopvars.env az aks start --resource-group $RESOURCE_GROUP --name $CLUSTERNAME
This workshop is organized in sequential modules. One module will build up on top of the previous module, so please, follow the order as proposed below.
Module 1 - Connect the AKS cluster to Calico Cloud
Module 2 - Scan Container Images
Module 3 - Calico Cloud Admission Controller
Module 4 - Implement zero-trust access controls and micro-segmentation
Module 5 - Clean up
- Project Calico
- Calico Academy - Get Calico Certified!
- O’REILLY EBOOK: Kubernetes security and observability
- Calico Users - Slack
Follow us on social media
Note: The examples and sample code provided in this workshop are intended to be consumed as instructional content. These will help you understand how Calico Cloud can be configured to build a functional solution. These examples are not intended for use in production environments.