The intent of this workshop is to introduce Calico Cloud(https://www.calicocloud.io/home/) to manage AKS clusters and leverage Calico features to implement the various use cases. While there are many capabilities that the Calico product provides, this workshop focuses on a subset of those that are used most often by enterprises to derive value from the Calico Product.
In this workshop we are going to focus on these main use cases (with links to Calico docs for further info). Note that features for policy and visibility as outlined in this workshop are identical between Calico Cloud and Calico Enterprise. Consult the Calico Enterprise docs for further reading:
- Integration: Integrating Calico Cloud into the AKS clusters.
- East-West security: leveraging zero-trust security approach.
- Egress access controls: using DNS policy to access external resources by their fully qualified domain names (FQDN).
- Observability: exploring various logs and application level metrics collected by Calico.
- Compliance: providing proof of security compliance.
Calico User Group Slack is a great resource to ask any questions about Calico. If you are not a part of this Slack group yet, we highly recommend joining it to participate in discussions or ask questions. For example, you can ask questions specific to EKS and other managed Kubernetes services in the #eks-aks-gke-iks
channel.
- Developers
- DevOps Engineers
- Solutions Architects
- Anyone that is interested in Security, Observability and Network policy for Kubernetes.
It is recommended to follow the AKS creation step outlined in Module 0 and to keep the resources isolated from any existing deployments. If you are using a corporate Azure account for the workshop, make sure to check with account administrator to provide you with sufficient permissions to create and manage AkS clusters and Load Balancer resources.
-
Terminal or Command Line console to work with Azure resources and AKS cluster
-
Git
-
netcat
- Module 0: Creating an AKS compatible cluster for Calico Cloud
- Module 1: Joining AKS cluster to Calico Cloud
- Module 2: Configuring demo applications
- Module 3: Using security controls
- Module 4: Using egress access controls
- Module 5: Using observability tools
- Module 6: Using alerts
- Module 7: Packet Capture
- Module 8: Anomaly Detection
- Module 9: Using compliance reports
-
Delete application stack to clean up any
loadbalancer
services.kubectl delete -f demo/dev/app.manifests.yaml kubectl delete -f demo/boutiqueshop/boutique-app.manifests.yaml
-
Delete AKS cluster.
az aks delete --name $CLUSTERNAME
-
Delete the azure resource group.
az group delete --resource-group $RGNAME