This workshop is designed to help you understand the Azure Kubernetes Service (AKS) Secure Baseline. The secure baseline is a reference implementation that demonstrates the recommended starting infrastructure architecture for a general-purpose AKS cluster.
Whilst the AKS Secure Baseline repo provides a detailed step-by-step guide to deployment, this workshop is designed to first get the reference architecture deployed quickly and then dive deep into its features.
- Deploying and configuring the AKS cluster and supporting services.
- Authentication and Authorisation
  - Accessing your cluster using Azure Active Directory for authentication
  - Understanding Kubernetes RBAC
-
  - Node pools
  - Nodes
  - Scaling, HPA and CA
  - System and user node pools
  - Memory reservation
  - Node maintenance, kured, node image updates
-
  - Managed Identity configuration
-
  - Authentication
  - Importing public images
  - Geo replication
- Cluster Configuration Management
  - GitOps / Flux
  - Investigate the YAML files
  - Namespaces
  - Components installed via GitOps - Pod Identity, Key Vault CSI
-
  - Hub and spoke network topology, peering
  - Subnets for App Gateway, Ingress and Cluster
  - Forced tunnel configuration
  - Network Security Group configuration
  - Azure Firewall configuration
  - Azure Load Balancer
- Kubernetes Network Configuration
  - Azure CNI, network address space design
  - Azure Network Policy
  - App Gateway, Traefik Ingress, Certificates
-
  - Key Vault configuration
-
  - Azure Policy
  - Understand the default policies that have been deployed
-
  - Deployment
  - Network policy
  - Traffic flow
  - PDB
-
  - Use Log Analytics to ...