Learn Kubernetes and AKS Network Security

Houssem Dellai

3:07:50

  • 1. How to setup an AKS cluster.mp4
    12:18
  • 2. Cluster infrastructure resources.mp4
    06:01
  • 3. Create Pod.mp4
    05:32
  • 4. Create deployment object.mp4
    03:42
  • 5. Exec into Pod.mp4
    01:36
  • 6. Scale pods.mp4
    01:34
  • 7. Create private service.mp4
    05:17
  • 8. Create public service using LoadBalancer.mp4
    02:25
  • 9. View kubernetes objects in the Azure portal.mp4
    01:10
  • 1. Intro.mp4
    02:18
  • 2. Architecture of a public cluster.mp4
    03:49
  • 3. Private cluster with Private Endpoint.mp4
    05:58
  • 4. Public cluster with VNET integration.mp4
    03:28
  • 5. Private cluster with VNET integration.mp4
    03:28
  • 6. Accessing a private cluster.mp4
    01:34
  • 7. Recap.mp4
    02:22
  • 1. Introduction to Core DNS (previously Kube-DNS).mp4
    03:07
  • 2. [Demo] Setting up custom domain name using CoreDNS.mp4
    09:09
  • 1. Exposing non secure ingress.mp4
    12:25
  • 2. Introduction to securing Ingress using TLS certificates.mp4
    02:08
  • 3. [Demo] Securing ingress using TLS certificate stored in kubernetes secret.mp4
    09:01
  • 4. Securing ingress traffic using TLS certificates stored in Azure Key vault.mp4
    05:00
  • 5. [Demo] Securing ingress traffic using TLS certificates stored in Azure Key vault.mp4
    22:38
  • 1. Introduction to inter pod communication.mp4
    03:57
  • 2. [Demo] Securing Pod to Pod communication.mp4
    05:19
  • 1. Introduction to Calico.mp4
    04:06
  • 2. Setting up the demo env.mp4
    01:21
  • 3. All pods across namespaces can communicate with each other.mp4
    02:55
  • 4. Deploying the first network policy to deny all traffic between pods.mp4
    01:54
  • 5. [Demo] Testing the deny all policy.mp4
    01:08
  • 6. Deploying a policy to allow specific traffic.mp4
    01:38
  • 7. [Demo] Testing the allow traffic policy.mp4
    03:04
  • 8. Creating network policy to allow traffic in a certain namespace.mp4
    04:23
  • 9. Exploring Network Policy Viewer tool.mp4
    03:12
  • 1. Introduction to private AKS cluster in VNET.mp4
    00:47
  • 2. [Demo] Creating private AKS and VM.mp4
    13:09
  • 3. Introduction to private ACR with private AKS.mp4
    00:47
  • 4. [Demo] Creating private ACR and setting the connection with AKS.mp4
    14:10
  • Description


    Learn how to secure network communication in an AKS/Kubernetes cluster

    What You'll Learn?


    • Learn AKS and Kubernetes network best practices
    • Learn how to securely expose services in Kubernetes
    • Learn how to secure pod to pod communication
    • Learn to set up TLS certificates for pods and ingress

    Who is this for?


  • This course is for platform teams that need to manage Kubernetes clusters and securely deploy apps.


    Description

    Have you started your journey learning Kubernetes?

    Have you been learning the fundamentals of a Kubernetes cluster?

    And now do you want to make sure your cluster is production-ready in terms of security?


    If you are looking for how to secure your Kubernetes cluster then this course is for you.


    Let us face it, security is not an easy task. And Kubernetes is not an exception.

    Securing a Kubernetes cluster requires thinking about all these aspects:

    1. Network security: through private cluster access to API Server with Private Endpoint.

    2. Secure egress traffic: all egress traffic should be filtered using Firewall.

    3. Secure ingress traffic: using TLS and HTTPS on the ingress controller.

    4. Secure inter-pod communication: secure traffic between pods using TLS or mTLS.

    5. Controlling traffic between pods: using Network Policy tools like Calico.

    6. Securing access to Managed Identities: by restricting access to the IMDS endpoint (169.254.169.254).


    Microsoft provides the following recommendations to secure an AKS cluster, and this course will try to go deeper with demonstrations.

    Recommendation 1: To distribute HTTP or HTTPS traffic to your applications, use ingress resources and controllers. Compared to an Azure load balancer, ingress controllers provide extra features and can be managed as native Kubernetes resources.

    Recommendation 2: To scan incoming traffic for potential attacks, use a web application firewall (WAF) such as Barracuda WAF for Azure or Azure Application Gateway. These more advanced network resources can also route traffic beyond just HTTP and HTTPS connections or basic TLS termination.

    Recommendation 3: Use network policies to allow or deny traffic to pods. By default, all traffic is allowed between pods within a cluster. For improved security, define rules that limit pod communication.

    Recommendation 4: Don't expose remote connectivity to your AKS nodes. Create a bastion host, or jump box, in a management virtual network. Use the bastion host to securely route traffic into your AKS cluster to remote management tasks.


    Disclaimer: This course uses Azure Kubernetes Service (AKS) for demonstrations. But most of the content is applicable to any Kubernetes cluster on any environment.

    Houssem Dellai
    Houssem Dellai is a Cloud Solution Architect at Microsoft. Before that, he was nominated Microsoft Most Valuable Professional (MVP) for 5 years in a row. You might have seen his work without even noticing! If you were looking for content on Docker, Kubernetes, DevOps, Terraform, Xamarin, ASP.NET or Azure, chances are high that you have passed through his YouTube channel or his blog posts on Microsoft Blog, Medium and CodeProject. He is also a conference speaker and professional certified trainer (MCT) who has trained thousands of students and professional developers. So, he knows where people get stuck when learning new technologies. He is the one who can simplify complicated concepts for beginners.
    Students take courses primarily to improve job-related skills. Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.
    • language english
    • Training sessions 38
    • duration 3:07:50
    • Release Date 2023/04/10