Security + Governance Workshop

aks governance kubernetes security workshop

Перейти к файлу

Louis-Guillaume MORAND eadc1de3b5 Fix grammar, typos (#21 ) Co-authored-by: Kevin Harris <Kevin.Harris@microsoft.com>		2020-05-13 09:04:52 -04:00
app	Added back in missing txt file.	2020-01-16 07:04:07 -08:00
cluster-config	Updated linkerd to version 2.7.0.	2020-03-23 15:49:03 -04:00
cluster-design	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00
cluster-pre-provisioning	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00
cluster-provisioning	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00
cost-governance	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00
customer-scenario	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00
day2-operations	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00
deploy-app	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00
governance-security	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00
img	Added forking and image scanning.	2019-11-11 14:51:44 -05:00
post-provisioning	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00
presentation	Added staging manifest files, firewall rule update and updated presentation.	2020-02-06 08:30:52 -05:00
service-mesh	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00
thought-leadership	fixing typos	2020-02-01 19:09:02 +01:00
validate-scenarios	fixing typos	2020-02-01 19:09:02 +01:00
.DS_Store	Update insructions.	2020-03-06 08:40:19 -05:00
.gitignore	Added back in missing txt file.	2020-01-16 07:04:07 -08:00
CODE_OF_CONDUCT.md	Initial commit	2019-10-07 10:57:44 -07:00
CUSTOMER_CHALLENGES.md	fixing typos	2020-02-01 19:09:02 +01:00
LICENSE	Initial commit	2019-10-07 10:57:46 -07:00
LICENSE-CODE	Initial commit	2019-10-07 10:57:45 -07:00
README.md	Update README.md to add \| between prereq names and links	2020-04-22 16:30:42 -05:00
SECURITY.md	Fix grammar, typos (#21 )	2020-05-13 09:04:52 -04:00

README.md

WORK IN PROGRESS

This repo is a WORK IN PROGRESS.

Cloud Native App Governance + Security Workshop

Hello, and welcome to the workshop. This is a 2-day hands-on workshop focused on setting up AKS along with additional technologies to make it adhere to the governance and security needs of highly regulated customers.

The workshop runs over 2 days and is meant to take an outside in approach. Meaning, we will start from the outside of the architecture and make our way inwards. It starts with focusing on Governance and Security decisions that need to be made before a single Azure resource is provisioned. We will then focus on decisions that need to get made prior to provisioning the cluster. Next, we will provision the cluster along with focusing on how to deploy common components post-provisioning. Once the cluster is configured, the next steps are to actually deploy workloads. Finally when the workloads are deployed, we will focus in on Day 2 operations when it comes to managing, maintaining and provising observability into the cluster.

End Goal

The end goal is to take you from having a kubernetes setup that is unsecure by default, to an Enterprise ready configuration that is secure by default. To help understand what that means please see the following illustrations showing a before and after setup.

Before Picture

After Picture

Lab Guides - Day 1

Lab Guides - Day 2

Prerequisites

The following are the requirements to start.

Azure Account | Azure Portal
- Ability to create AKS Clusters
- Ability to create Azure Service Principals or access to one that can create AKS Clusters
Azure CLI | Install CLI
- Minimum Version: 2.0.80
- AKS Preview Extension: 0.4.27
- Firewall Extension Version: 0.1.8
Kubectl CLI | Install kubectl with Azure CLI
- Minimum Version: 1.15.0
Git | Git SCM
- Minimum Version: 2.22
GitHub Account | GitHub Account
- Required for GitOps Approach to Multi-Cluster Management
Terraform | Terraform Download
- Minimum Version: v0.12.20
Docker Community Edition (CE) | Install CE
- Install Docker for Mac
- Install Docker for Windows
Code Editor | Install VS Code

Fork the Repo

It is important to Fork this repo, not just clone it. You will be creating Personal Access Tokens, which in turn will be creating SSH keys, and they will be used to make changes to a GitHub repo.

Forking a Repository

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Legal Notices

Microsoft and any contributors grant you a license to the Microsoft documentation and other content in this repository under the Creative Commons Attribution 4.0 International Public License, see the LICENSE file, and grant you a license to any code in the repository under the MIT License, see the LICENSE-CODE file.

Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.

Privacy information can be found at https://privacy.microsoft.com/en-us/

Microsoft and any contributors reserve all other rights, whether under their respective copyrights, patents, or trademarks, whether by implication, estoppel or otherwise.