The intent of this workshop is to introduce Calico Cloud to manage AKS clusters and leverage Calico features to implement the various use cases. While there are many capabilities that the Calico product provides, this workshop focuses on a subset of those that are used most often by enterprises to derive value from the Calico Product.
In this workshop we are going to focus on these main use cases (with links to Calico docs for further info). Note that features for policy and visibility as outlined in this workshop are identical between Calico Cloud and Calico Enterprise. Consult the Calico Enterprise docs for further reading:
- Integration: Integrating Calico Cloud into the AKS clusters.
- East-West security: leveraging zero-trust security approach.
- workload access controls: using DNS policy to access external resources by their fully qualified domain names (FQDN).
- Observability: exploring various logs and application level metrics collected by Calico.
- Compliance: providing proof of security compliance.
Calico User Group Slack is a great resource to ask any questions about Calico. If you are not a part of this Slack group yet, we highly recommend joining it to participate in discussions or ask questions. For example, you can ask questions specific to EKS and other managed Kubernetes services in the #eks-aks-gke-iks
channel.
- Developers
- DevOps Engineers
- Solutions Architects
- Anyone that is interested in Security, Observability and Network policy for Kubernetes.
It is recommended to follow the AKS creation step outlined in Module 0 and to keep the resources isolated from any existing deployments. If you are using a corporate Azure account for the workshop, make sure to check with account administrator to provide you with sufficient permissions to create and manage AkS clusters and Load Balancer resources.
- Azure Kubernetes Service
- Calico Cloud trial account
- Terminal or Command Line console to work with Azure resources and AKS cluster
Git
netcat
- Module 0: Creating an AKS compatible cluster for Calico Cloud
- Module 1: Joining AKS cluster to Calico Cloud
- Module 2: Configuring demo applications
- Module 3: Pod access controls
- Module 4: DNS egress access controls
- Module 5: Layer 7 Logging
- Module 6: Using observability tools
- Module 7: Packet Capture
- Module 8: Using compliance reports
- Module 9: Using alerts
- Module 10: Honeypod Threat Detection
- Module 11: Deep Packet Inspection
-
Disconnect your cluster from CalicoCloud by following the instruction here
Whether you’ve finished with your Calico Cloud Trial or decided to disconnect your cluster from Calico Cloud, we know you want your cluster to remain functional. We highly recommend running a simple script to migrate your cluster to open-source Project Calico.
curl -O https://installer.calicocloud.io/manifests/v3.19.0-1.0-7/downgrade.sh
chmod +x downgrade.sh
./downgrade.sh --remove-all-calico-policy --remove-prometheus
-
Delete application stack to clean up any
loadbalancer
services.kubectl delete -f demo/dev/app.manifests.yaml kubectl delete -f demo/boutiqueshop/app.manifests.yaml
-
Delete AKS cluster.
az aks delete --name $CLUSTERNAME --resource-group $RGNAME
-
Delete the azure resource group.
az group delete --resource-group $RGNAME
-
Clean up workshop variables from
~/.bashrc
.sed -i "/UNIQUE_SUFFIX/d; /RGNAME/d; /LOCATION/d; /CLUSTERNAME/d; /K8SVERSION/d" ~/.bashrc