One of the options for this workshop is to present the content as a bunch of challenges instead of simply giving the answers. This promotes self-learning and collaboration which is a great way to learn.
- Update Firewall Rules
- Add RBAC to Namespaces
- Define Network Policies
- Setup Policy Enforcement and Enable * Registry Whitelisting * Enforce Requests & Limits * Require Labels * Enforce Internal Load Balancers (ILBs) - No Public IP
- Setup Runtime Monitoring
- Setup Ingress Controller w/TLS
- Setup Service Mesh for Custom Scaling
- Connect AKS to Azure Security Center
- Setup Chargeback
- Setup Alerting * Alert when SSH access into a Container * Alert when AKS Cluster does not have IP whitelisting set
The following are the requirements to start.
-
Azure Account Azure Portal
-
Azure CLI Install CLI
-
Kubectl CLI Install kubectl with Azure CLI
-
Git Git SCM
-
Terraform Terraform Download
-
Docker Community Edition (CE)Install CE
-
Code Editor Install VS Code
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
Microsoft and any contributors grant you a license to the Microsoft documentation and other content in this repository under the Creative Commons Attribution 4.0 International Public License, see the LICENSE file, and grant you a license to any code in the repository under the MIT License, see the LICENSE-CODE file.
Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.
Privacy information can be found at https://privacy.microsoft.com/en-us/
Microsoft and any contributors reserve all other rights, whether under their respective copyrights, patents, or trademarks, whether by implication, estoppel or otherwise.