Discover what is in this course
Get more engaged with the Lightboard
Instead of relying on cold PowerPoint slides, most of the concepts presented in this course are explained on the Lightboard.
The Lightboard makes it easy to explain while drawing on the Plexiglas and keeping eye contact with learners.
This is especially useful for visual learners.
Clean architecture diagrams
For professional engineers, nothing compares to having a clean and detailed diagram showing all components of a system. This course provides dozens of diagrams.
PowerPoint slides ready to be reused with your customers
More than 300 slides are used in this intensive course. These slides are free to use and share within your community.
Get access to the source code and all scripts
In this course, there are more than 30 demonstrations. This means lots of code, config files and scripts. Don't worry. You will get them all organized by chapter.
Why you need this course?
You started your journey learning Kubernetes?
You have been learning the fundamentals of a Kubernetes cluster?
And now you want to make sure your cluster is production ready in terms of security?
If you are looking for how to secure your Kubernetes cluster then this course is for you.
Let us face it, security is not an easy task. And Kubernetes is not an exception.
Securing a Kubernetes cluster requires thinking about all these aspects (among others):
- Network security: through private cluster access to API Server with Private Endpoint.
- Secure egress traffic: all egress traffic should be filtered using Firewall.
- Secure ingress traffic: using TLS and HTTPS on the ingress controller.
- Secure inter-pod communication: secure traffic between pods using TLS or mTLS.
- Controlling traffic between pods: using Network Policy tools like Calico.
- Securing access to Managed Identities: by restricting access to IMDS endpoint (169.254.169.254).
- Choosing the right network plugin: Kubenet vs Azure CNI vs Overlay mode
- And many more, to discover in this course!
The Curriculum for this course (12+ hours of content)
- Create Kubernetes cluster on Azure (12:18)
- Viewing cluster infrastructure (6:01)
- Creating Pod (docker image) (5:32)
- Creating Deployment (3:42)
- Exec into Pod (1:36)
- Scale out Pods (replicas) (1:34)
- Creating private/internal Service (5:17)
- Creating Public Service (Public IP) (2:25)
- Viewing Kubernetes objects on Azure portal (1:10)
- Introduction to AKS Egress and Outbound Types on the Lightboard (10:53)
- Introduction to AKS Egress and Outbound Types (PPT) (3:37)
- AKS with Outbound Type Load Balancer (2:54)
- [Demo] AKS with Outbound Type Load Balancer (0:59)
- SNAT port exhaustion issue with Load Balancer (2:22)
- SNAT port exhaustion solutions (2:08)
- AKS with Outbound Type Managed NAT Gateway (2:49)
- [Demo] AKS with Outbound Type Managed NAT Gateway (1:29)
- AKS with Outbound Type user assigned NAT Gateway (1:27)
- [Demo] AKS with Outbound Type user assigned NAT Gateway (1:55)
- AKS with Outbound Type user defined routing (UDR) (5:26)
- [Demo] AKS with Outbound Type user defined routing (UDR) (7:02)
- Ingress issues and options with UDR mode (4:02)
- Introduction to Network Policy with Calico (4:07)
- Setting the environment for the demo (1:21)
- Demo - Pod to Pod communication is not restricted (2:55)
- Demo - Deploy first network policy to deny all traffic (1:54)
- Demo - Validating the deny all policy (1:08)
- Demo - Deploy network policy to allow certain traffic (1:38)
- Demo - Validating the allow traffic policy (3:04)
- Demo - Creating network policy for allowing communication inside a namespace (4:23)
- Exploring network policy viewer tool (3:12)
- The demo content
- Installing and configuring Nginx Ingress Controller (12:25)
- Introduction to Application Gateway integration with AKS (0:40)
- Explaining how AGIC works on the lightboard (13:29)
- Introduction to Application Gateway integration with AKS (PPT) (1:31)
- Enabling AGIC extension in an AKS cluster (5:18)
- Deploying an ingress using AGIC (7:23)
- Introduction to traffic security using TLS certificates (8:53)
- Introduction to securing Ingress (2:08)
- Demo - Configuring TLS certificate for Ingress (9:02)
- Securing access to TLS certificate using Key vault (5:00)
- Demo - Configuring Ingress TLS with Azure Key vault (22:38)
- Introduction to Pod to Pod communication (3:57)
- Demo - Securing inter-Pod traffic using TLS certificate (5:19)
- Introduction to Cert Manager (5:05)
- Demo - Automate traffic encryption using Cert Manager (9:33)
- Introduction to Platform Enterprise Scale and Application Landing Zone (6:01)
- Multi-layer Terraform (4:10)
- Steps to deploy AKS Landing Zone (4:06)
- Customizing the Landing Zone (2:05)
- Configuring Terraform backend state (1:57)
- Creating Azure AD groups (2:26)
- Creating the Hub network (6:18)
- Creating the Spoke network (4:48)
- Deploying ACR and Key vault (2:38)
- Deploying AKS cluster into the Landing Zone (4:19)
- Introduction (0:47)
- Creating Private AKS cluster (3:12)
- Checking the Private Endpoint for AKS (1:25)
- Accessing private cluster using Command Invoke (1:49)
- Creating a Jumpbox Azure VM with Bastion host (1:52)
- Connect Jumpbox VM to private AKS using VNET peering (3:29)
- Demoing the connection using Bastion (1:21)
- Creating Private Endpoint for ACR (4:57)
- Checking Private Endpoint and Private DNS for ACR (2:14)
- Configuring the connection between Jumpbox VM and ACR (4:33)
- Connecting AKS to ACR Private Endpoint (1:39)
- Conclusion (0:43)
- [Lightboard] Gateway API and Ingress API (5:14)
- [Lightboard] AGIC vs Application Gateway for Containers
- Introduction to Application Gateway for Containers
- [Demo] Part 1: Setup the demo environment
- [Demo] Part 2: Installing the ALB Controller and its Managed Identity
- [Demo] Part 3: Creating and configuring Application Gateway for Containers
- [Demo] Part 4: Exposing an application using Gateway API and HttpRoute
- Lightboard Introduction to Azure Disk (LRS, ZRS and Shared) (17:04)
- Introduction to LRS Disk (4:42)
- Demo Creating an Azure LRS Disk (9:24)
- Introduction to Azure ZRS Disk (4:28)
- Demo Creating an Azure ZRS Disk (7:32)
- Introduction to Azure Shared ZRS Disk (7:25)
- Demo Creating an Azure Shared ZRS Disk (9:31)
- Introduction to AKS Backup (9:53)
- [Lightboard] Introduction to AKS Backup (10:02)
- [Demo] Preparing the demo environment (2:55)
- Installing AKS Backup extension (4:06)
- [Demo] Deploying sample app (PV, Deploy) for backup (2:27)
- Configuring Backup Policy and Instance (11:03)
- Triggering manual backup (3:59)
- Restore an AKS cluster (6:44)
- Verifying Restore errors (3:19)