Enterprises developing compliant cloud-native applications have two primary needs. First, they must secure and govern access to containerized workloads and the Kubernetes environment. Second, they need to simplify audit logging and compliance reporting. The Kubernetes environment is dynamic and distributed, and workloads are ephemeral, making it difficult to enforce compliance controls and provide continuous reporting.
This repo guides you step by step through creating an Azure AKS cluster, registering the cluster on Calico Cloud, and securing your cloud-native applications. Although Calico Cloud has many features and security components, this workshop explores only a few of the security features used to protect your workloads at runtime and at deployment time.
The estimated time to complete this workshop is 90-120 minutes.
- Cloud Professionals
- DevSecOps Professionals
- Site Reliability Engineers (SRE)
- Solutions Architects
- Anyone interested in Calico Cloud :)
Learn how to:
- Scan container images and block deployment based on your security criteria during build time.
- Preview and enforce security policies to protect vulnerable workloads.
- Implement zero-trust access controls to prevent egress and lateral movement during runtime.
- Implement runtime security with IDS/IPS and malware detection.
- Implement global threatfeeds to prevent communication to known bad IPs and domains.
- Get visibility into Kubernetes cluster traffic to troubleshoot and improve security.
This workshop is organized in sequential modules. Each module builds on the previous one, so please follow the order proposed below.
Module 1 - Getting Started
Module 2 - Deploy an AKS cluster
Module 3 - Connect the cluster to Calico Cloud
Module 4 - Scan Container Images
Module 5 - Calico Cloud Admission Controller
Module 6 - Zero-trust access control using identity-aware microsegmentation
Module 7 - Runtime security with IDS/IPS using Deep Packet Inspection
Module 8 - Global Threatfeeds
Module 9 - Traffic visualization inside your Kubernetes Cluster
Module 10 - Clean up
- Project Calico
- Calico Academy - Get Calico Certified!
- O’REILLY EBOOK: Kubernetes security and observability
- Calico Users - Slack
Note: The workshop provides examples and sample code as instructional content for you to consume. These examples will help you understand how to configure Calico Cloud and build a functional solution. Please note that these examples are not suitable for use in production environments.