The fully managed Azure Kubernetes Service (AKS) makes deploying and maintaining applications simple. It offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and security and governance. Azure also adds components such as network security groups and orchestrated cluster upgrades. These security components combine to keep the AKS cluster running the latest OS security updates and Kubernetes releases, with secure pod traffic and protected access to sensitive credentials.
In this hands-on lab, learners will gain experience in deploying an AKS cluster and enabling Role-Based Access Control (RBAC). They will also understand the role of an AKS cluster administrator. Other guided challenges in this series are “Create Microsoft Azure Resource Locks on a WebApp”, “Can You Configure Multi-scope Network Security?”, and “Can You Configure Multi-scope Resource Permissions?”
Understand the Scenario
To protect client data as you manage application workloads in Azure Kubernetes Service (AKS), the security of the cluster is an important factor. Kubernetes includes security components such as network policies and Secrets. In this virtual lab, you are a system administrator for a firm that is moving its web services from its on-premises datacenter to Azure. Your job is to deploy Kubernetes applications by using the Azure Kubernetes Service (AKS) and security best practices, as a proof of concept.
Understand your environment
In this IT Pro Challenge virtual lab, you will use an Azure resource group that initially contains no resources. Azure resource groups are groups of related resources such as virtual machines, storage accounts, virtual networks, apps, and servers. You will create the required resources to accomplish the challenge.
Deploy an AKS cluster and enable Role Based Access Control (RBAC)
Azure Kubernetes Service (AKS) is Microsoft Azure’s managed Kubernetes solution. AKS enables users to quickly create a Kubernetes cluster in Microsoft Azure and provides features to operate and manage Kubernetes clusters in Azure. In this section of the hands-on lab, you will first sign in to the Azure portal by using the given credentials. You will then create an Azure Kubernetes Service (AKS) cluster. For this, you will learn how to configure various important features such as node size, scale, authentication, and monitoring. In the monitoring section, you will enable Role-Based Access Control (RBAC). RBAC is a system for managing access to Azure resources. Using RBAC, you can separate duties within the team and grant users only the access they require to complete their jobs.
Connect to the AKS cluster as administrator
In this second section of the lab, you will launch Azure Cloud Shell for Bash and create a storage account and file share for Cloud Shell in the current resource group by using the advanced settings option. Azure Cloud Shell is an authenticated, browser-accessible shell for managing Azure resources. You will then name the storage account and the file share. After this, you will use an Azure CLI command to connect to the AKS cluster (created in section one) as administrator. Finally, you will learn how to verify the security context of the connection to the cluster. After completing these steps, you will make sure that you can connect to the AKS cluster by using administrator credentials and return a list of the cluster nodes.
Deploy a container in the AKS cluster as a non-admin user
In this final section of the virtual lab, you will launch an InPrivate browser window and sign in by using the given credentials. You will then try to scale the AKS cluster to three nodes. You will launch Azure Cloud Shell for Bash using the existing storage account and file share in the existing resource group by using the advanced settings option. You will then learn how to verify the security context of the connection to your cluster. This will show a non-admin user context. After verification, you will deploy an NGINX image by using a shell command and verify that a Kubernetes pod has been created. Finally, you will verify that you are connected to the AKS cluster as a non-admin user and that you have deployed the NGINX container app in the AKS cluster.
Lab Summary Conclusion
After completing the “Configure AKS security” virtual lab, you will have accomplished the following:
- Deployed an AKS cluster and enabled Role-Based Access Control (RBAC).
- Connected to the AKS cluster as administrator.
- Deployed a container in the AKS cluster as a non-admin user.
- Skills: Deploy Kubernetes applications, Azure Kubernetes Service (AKS), Migrate web services to Azure, Implement Kubernetes ingress controller.
- Time limit: 45 min
- Skill level: Guided/Beginner
- Work roles: System Administrator, Software Developer, Secure Software Assessor, Product Support Manager.