Course Overview
The One Day Hack for Security prepares IT professionals of all flavours for identifying and resolving security issues in cloud-native development and deployment processes. This hack gives attendees the hands-on experience of working with security on Kubernetes powered by Azure Kubernetes Service (AKS) and Microsoft Azure in general. The concept of this Security-focused One-Day Hack is based on attendees working in teams while completing a set of gated challenges that will boost their knowledge in the area of security that is needed now more than ever since security is a crucial topic in today’s modern, containers-based cloud-native world. They will do that by leveraging Azure Active Directory and RBAC, Azure Key Vault, integration of a CSI driver with Azure Kubernetes Service, and advanced features of Azure’s networking
Course Content
The challenges are connected – building on the previous one. The attendees will be faced with three challenges. They will be given an Azure Kubernetes Service cluster running a demo application consisting of several microservices developed using Node.js. The challenges are briefly described below
Challenge 1: Who is who in the zoo?
Introduction to user authentication and authorization while using Azure AD and AKS will start with the team looking to improve their solution's security. They will have access to AKS running a demo application. The team will have to define and manage users’ access level to AKS resources, keeping the whole system secured while still enabling every engineer to do what they need to do
Challenge 2: Hush, hush
The team will be introduced to using secrets in the Kubernetes cluster. They will need a tool for handling their secrets, and they will use Azure Key Vault. Once they create Azure Key Vault and their secrets, they should edit their deployment templates to consume the newly created secrets and implement a CSI driver in their cluster
Challenge 3: It’s time to create some order here
After the team has implemented a user authentication and authorization strategy and stored the secrets in a secure place, the application in the AKS cluster is much more secure. However, that is nearly not enough to call their system secure. The team should also consider communication protocols between microservices (containers) internally and externally. To achieve that,
they will have to add a set of rules for the cluster to abide by