Securing Azure Kubernetes Service (AKS) Clusters
This course will teach you to design, configure, and manage cluster security in Azure Kubernetes Service. Focusing on API server access, authentication, authorization, and network policies.
What you'll learn
Azure Kubernetes Services is a platform-as-a-service offering that provides you with a Kubernetes service in the Azure cloud. Like any other service, to operate it successfully you need to understand how to secure it. In this course, Securing Azure Kubernetes Service (AKS) Clusters, you will learn security concepts at the cluster, node, and network level to deploy production application services in AKS.
First, you’ll learn to configure secure access to AKS Cluster itself. Next, you’ll discover how to secure AKS worker nodes. Finally, you'll explore how to secure network traffic in your cluster. When you are finished with this course, you'll have the skills and knowledge of Azure Kubernetes Service clusters needed to build and deploy secure clusters in AKS.
Table of contents
- Introduction, Course, and Module Overview 2m
- AKS Core Security Concepts 2m
- Securing Access to the Cluster with Authorized IP Address Ranges 3m
- Using Authorized IP Address Ranges 2m
- Demo: Creating a Cluster with Authorized IP Address Ranges 3m
- Demo: Adding an Authorized IP Address Range to an Existing Cluster 4m
- Demo: Disabling Authorized IP Address Ranges 1m
- Securing Access to the Cluster Using Private Clusters 1m
- Accessing Private Clusters 2m
- Deploying a Private AKS Cluster 1m
- Demo: Deploying a Private AKS Cluster 2m
- Demo: Accessing a Private AKS Cluster 4m
- Module Review and What's Next 1m
- Introduction, Course, and Module Overview 1m
- Understanding Securing Authentication to the Cluster 2m
- Authenticating to a Cluster Using Azure AD 2m
- Demo: Deploying an Azure AD Enabled Cluster 6m
- Demo: Authenticating to an Azure AD Enabled Cluster 5m
- Understanding Securing Authorization to the Cluster 2m
- Understanding the Foundations of Role Based Access Controls 2m
- Using Kubernetes Role Based Access Controls 4m
- Demo: Configuring Azure Active Directory Prerequisites for Using Kubernetes RBAC 5m
- Demo: Configuring Kubernetes RBAC in Your Cluster 3m
- Demo: Testing Kubernetes RBAC Roles for an Azure Active Directory User 4m
- Understanding Azure Role Based Access Controls 3m
- Using Azure Role Based Access Controls 2m
- Demo: Deploying an Azure AD and RBAC Enabled Cluster 2m
- Demo: Configuring Azure Role Based Access Controls for Cluster Access 6m
- Demo: Testing Azure RBAC Roles for an Azure Active Directory User 2m
- Module Review and What's Next! 1m
- Introduction, Course, and Module Overview 1m
- Understanding AKS Node Updates 2m
- Managing Reboots with the Kubernetes Reboot Daemon - kured 1m
- Demo: Deploying Kubernetes Reboot Daemon - kured 4m
- Demo: Configuring Kubernetes Reboot Daemon - kured 3m
- Understanding Node Image Upgrades 2m
- Node Image Upgrade Process 1m
- Demo: Exploring Node Image Upgrades 4m
- Module Review and What's Next 1m
- Introduction, Course, and Module Overview 1m
- Undestanding Controlling Traffic Flow Using Network Policies 2m
- Using Network Policies to Control Traffic Flow 2m
- Demo: Deploying a Azure Network Policy Enabled Cluster 5m
- Demo: Deploying a Network Policy to Control Traffic Flow 2m
- Demo: Testing Application Connectivity with Network Policy 2m
- Module Review and Thank You! 1m
About the authors
Anthony is a Senior Principal Field Solution Architect at Pure Storage as well as a Pluralsight Author, a Microsoft Data Platform MVP, Linux Expert, and Corporate Problem Solver. Anthony designs solutions, deploys the technology, and provides expertise on business system performance, architecture, and security. Anthony has a Bachelors and Masters in Computer Science with research publications in high performance/low latency data access algorithms and spatial database systems.
Ben Weissman, a Microsoft Data Platform MVP, has been working with SQL Server since SQL Server 6.5, mainly in the BI/Datawarehousing field. Besides his Pluralsight courses, Ben is also the co-author of multiple books on data and kubernetes including "SQL Server on Kubernetes ", "Azure Arc-enabled Data Services", "SQL Server Big Data Clusters" and "The Biml Book". He is also a regular speaker at international events. Ben and his team at Solisyon have been involved in more than 200 Business I... more