Learn AKS network security
What you’ll learn
Learn AKS and Kubernetes network best practices
Learn how to securely expose services in Kubernetes
Learn how to secure pod to pod communication
Learn to set up TLS certificates for pods and ingress
Requirements
You will need to understand the fundamentals of Kubernetes. This course builds on the basics.
Description
For an AKS cluster, there are two types of traffic. The first is the internal traffic between pods. The second is the ingress and egress traffic between pods and the end users or the internet.
This course provides the tools and techniques to secure these networks using tools like Network Policies with Calico, TLS certificates, etc.
Microsoft provides the following recommendations to secure an AKS cluster, and this course will try to go deeper with demonstrations.
Recommendation 1: To distribute HTTP or HTTPS traffic to your applications, use ingress resources and controllers. Compared to an Azure load balancer, ingress controllers provide extra features and can be managed as native Kubernetes resources.
Recommendation 2: To scan incoming traffic for potential attacks, use a web application firewall (WAF) such as Barracuda WAF for Azure or Azure Application Gateway. These more advanced network resources can also route traffic beyond just HTTP and HTTPS connections or basic TLS termination.
Recommendation 3: Use network policies to allow or deny traffic to pods. By default, all traffic is allowed between pods within a cluster. For improved security, define rules that limit pod communication.
Recommendation 4: Don’t expose remote connectivity to your AKS nodes. Create a bastion host, or jump box, in a management virtual network. Use the bastion host to securely route traffic into your AKS cluster for remote management tasks.
Overview
Section 1: Introduction to Kubernetes
Lecture 1 How to set up an AKS cluster
Lecture 2 Cluster infrastructure resources
Lecture 3 Create Pod
Lecture 4 Create deployment object
Lecture 5 Exec into Pod
Lecture 6 Scale pods
Lecture 7 Create private service
Lecture 8 Create public service using LoadBalancer
Lecture 9 View Kubernetes objects in the Azure portal
Section 2: Comparing AKS public and private clusters
Lecture 10 Intro
Lecture 11 Architecture of a public cluster
Lecture 12 Private cluster with Private Endpoint
Lecture 13 Public cluster with VNET integration
Lecture 14 Private cluster with VNET integration
Lecture 15 Accessing a private cluster
Lecture 16 Recap
Section 3: Kubernetes CoreDNS
Lecture 17 Introduction to CoreDNS (previously Kube-DNS)
Lecture 18 [Demo] Setting up custom domain name using CoreDNS
Section 4: Securing Ingress using TLS/HTTPS
Lecture 19 Exposing non secure ingress
Lecture 20 Introduction to securing Ingress using TLS certificates
Lecture 21 [Demo] Securing ingress using TLS certificate stored in Kubernetes secret
Lecture 22 Securing ingress traffic using TLS certificates stored in Azure Key Vault
Lecture 23 [Demo] Securing ingress traffic using TLS certificates stored in Azure Key Vault
Section 5: Securing inter Pod communication using TLS
Lecture 24 Introduction to inter pod communication
Lecture 25 [Demo] Securing Pod to Pod communication
Section 6: Implementing network policy using Calico
Lecture 26 Introduction to Calico
Lecture 27 Setting up the demo env
Lecture 28 All pods across namespaces can communicate with each other
Lecture 29 Deploying the first network policy to deny all traffic between pods
Lecture 30 [Demo] Testing the deny all policy
Lecture 31 Deploying a policy to allow specific traffic
Lecture 32 [Demo] Testing the allow traffic policy
Lecture 33 Creating network policy to allow traffic in a certain namespace
Lecture 34 Exploring Network Policy Viewer tool
Section 7: Setting up AKS, ACR and VM in a private virtual network
Lecture 35 Introduction to private AKS cluster in VNET
Lecture 36 [Demo] Creating private AKS and VM
Lecture 37 Introduction to private ACR with private AKS
Lecture 38 [Demo] Creating private ACR and setting the connection with AKS
This course is for platform teams that need to manage Kubernetes clusters and securely deploy apps.
Course Information:
Udemy | English | 3h 7m | 1.44 GB
Created by: Houssem Dellai