In this workshop you will work with Microsoft Azure and Calico Cloud to learn how to employ Calico Cloud in order to visualize cluster traffic and pinpoint security vulnerabilities within your Kubernetes AKS cluster.
In today's highly interconnected and digital landscape, ensuring the security of your AKS Kubernetes clusters is an absolute necessity. This workshop provides you with the essential knowledge and skills to strengthen your cluster's defenses thoroughly, guaranteeing the safeguarding of vital workloads and sensitive information. It enables you to tailor security measures to suit your specific needs and keeps you at the forefront of cybersecurity in a swiftly evolving environment.
The estimated time to complete this workshop is 60-120 minutes.
- Learn how to set up workload access controls with microsegmentation
- Learn how to use global network policies for namespace (or tenant) isolation
- Implement DNS-based egress access control with network sets and network policy
- Simulate potentially malicious behaviour inside a cluster and identify and observe security events in Calico
- Use the breadth of Calico's observability features to monitor, visualize and troubleshoot issues within the cluster
⚠️ For this workshop, you are expected to have access to a previously created AKS cluster.
-
Please, follow the instructions on the repository below if you don't have it ready:
-
You can run this workshop from the Azure Cloud Shell, as described in that repository or from a suitably configured local terminal.
-
To start your cluster, reload the environment variables create in your Azure Cloud Shell first and then start the cluster. Use the following command:
source ~/workshopvars.env az aks start --resource-group $RESOURCE_GROUP --name $CLUSTERNAME
This workshop is organized in sequential modules. One module will build up on top of the previous module, so please, follow the order as proposed below.
Module 1 - Connect the AKS cluster to Calico Cloud
Module 2 - Deploy an Application
Module 3 - Workload Microsegmentation
Module 4 - Container Security and Calico Security Events
Module 5 - Web Application Firewall
Module 6 - Egress Gateway and Azure Firewall
- Project Calico
- Calico Academy - Get Calico Certified!
- O’REILLY EBOOK: Kubernetes security and observability
- Calico Users - Slack
Follow us on social media
Note: The workshop provides examples and sample code as instructional content for you to consume. These examples will help you understand how to configure Calico Cloud and build a functional solution. Please note that these examples are not suitable for use in production environments.