Microsoft Azure: Hands-on AKS workshop
Shift-left security with Vulnerability Management in AKS and Calico Cloud
In this AKS-focused workshop, you will work with Microsoft Azure and Calico Cloud to learn how to design and deploy best practices that secure your Kubernetes environment at build, deploy, and runtime: preventing and detecting container and network-based attacks, and building a security moat around your workloads, as early as possible in the development and early runtime phases.
Cloud-native applications require a modern approach built on zero-trust principles: identity-based access, least-privilege access, and guardrails put in place proactively, as early in the development process as possible.
Calico Cloud provides Image Assurance to establish a security posture around container image vulnerability management during build, deploy, and runtime. It also provides an IDS/IPS via DPI (Deep Packet Inspection), a Network Policy Recommender to set up a baseline zero-trust network policy posture for new and existing workloads, and WireGuard encryption for inter-node pod-to-pod traffic. Together, these encourage a shift-left security mindset and help you implement best practices early and often.
You will come away from this workshop with an understanding of how others in your industry are securing and observing cloud-native applications in Microsoft Azure, along with best practices that you can implement in your organization.
The estimated time to complete this workshop is 90-120 minutes.
- Cloud Professionals
- DevSecOps Professionals
- Site Reliability Engineers (SRE)
- Solutions Architects
- Anyone interested in Calico Cloud :)
Learn how to build a security moat around your workloads by:
- Scanning container images and blocking deployment based on your security criteria during build time.
- Implementing runtime security with IDS/IPS using DPI, then using the Network Policy Recommender to develop a zero-trust, default-deny approach.
- Encrypting inter-node pod-to-pod traffic in a cluster with WireGuard, as a best practice.
- Getting visibility into the traffic inside your Kubernetes cluster to troubleshoot and improve your security posture.
This workshop is organized in sequential modules. Each module builds on the previous one, so please follow the order below.
Module 1 - Getting Started
Module 2 - Deploy an AKS cluster
Module 3 - Connect the cluster to Calico Cloud
Module 4 - Scan Container Images
Module 5 - Calico Cloud Admission Controller
Module 6 - Runtime security with IDS/IPS using Deep Packet Inspection
Module 7 - Zero-trust access control using Network Policy Recommender
Module 8 - Enabling End to End Encryption with WireGuard
Module 9 - Traffic visualization inside your Kubernetes Cluster
Module 10 - Clean up
- Project Calico
- Calico Academy - Get Calico Certified!
- O’REILLY EBOOK: Kubernetes security and observability
- Calico Users - Slack
Note: The workshop provides examples and sample code as instructional content for you to consume. These examples will help you understand how to configure Calico Cloud and build a functional solution. Please note that these examples are not suitable for use in production environments.