{"id":18332471,"url":"https://github.com/tigera-solutions/cc-aks-zero-trust-workshop","last_synced_at":"2025-08-10T14:05:53.020Z","repository":{"id":153125785,"uuid":"592865583","full_name":"tigera-solutions/cc-aks-zero-trust-workshop","owner":"tigera-solutions","description":"In this AKS-focused security workshop, you will work with Calico and Microsoft Azure experts to learn how to implement zero-trust security for workloads to reduce the attack surface of applications running on AKS. This 90-minute hands-on lab comes with your own Calico Cloud environment and a sample app environment.","archived":false,"fork":false,"pushed_at":"2024-03-07T15:27:28.000Z","size":92,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-13T04:51:47.220Z","etag":null,"topics":["aks","azure","cc","regismartins","security","workshop"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tigera-solutions.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-24T17:48:59.000Z","updated_at":"2025-02-11T19:38:26.000Z","dependencies_parsed_at":"2024-11-05T19:49:18.319Z","dependency_job_id":"f0a0332c-3c0b-44dd-b239-a1de0a0e10d9","html_url":"https://github.com/tigera-solutions/cc-aks-zero-trust-workshop","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tigera-solutions/cc-aks-zero-trust-workshop","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tigera-solutions%2Fcc-aks-zero-trust-workshop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tigera-solutions%2Fcc-aks-zero-trust-workshop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tigera-solutions%2Fcc-aks-zero-trust-workshop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tigera-solutions%2Fcc-aks-zero-trust-workshop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tigera-solutions","download_url":"https://codeload.github.com/tigera-solutions/cc-aks-zero-trust-workshop/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tigera-solutions%2Fcc-aks-zero-trust-workshop/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269734150,"owners_count":24466554,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-10T02:00:08.965Z","response_time":71,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aks","azure","cc","regismartins","security","workshop"],"created_at":"2024-11-05T19:39:09.621Z","updated_at":"2025-08-10T14:05:52.985Z","avatar_url":"https://github.com/tigera-solutions.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Microsoft Azure: Hands-on AKS workshop \u003c/br\u003e Implementing zero-trust security for containers\n\n## Welcome\n\nIn this AKS-focused workshop, you will work with Microsoft Azure and Calico Cloud to learn how implement zero-trust security for workloads to reduce the attack surface of applications running on AKS.  \n\nCloud-native applications require a modern approach based on the zero-trust principles of identity-based access, least privilege access, and proactively detecting threats and reducing the blast radius in case of a breach.\n\nCalico Cloud enables fine-grained, zero-trust workload access controls between your microservices and external databases, cloud services, APIs, and other applications. It also prevents the lateral movement of threats with identity-aware segmentation that works across all of your workload environments, including hosts, VMs, Kubernetes components, and services.\n\nYou will come away from this workshop with an understanding of how others in your industry are securing and observing cloud-native applications in Microsoft Azure, along with best practices that you can implement in your organization.\n\n### Time Requirements\n\nThe estimated time to complete this workshop is 60-90 minutes.\n\n### Target Audience\n\n- Cloud Professionals\n- DevSecOps Professional\n- Site Reliability Engineers (SRE)\n- Solutions Architects\n- Anyone interested in Calico Cloud :)\n\n### Learning Objectives\n\n1. Learn how to deploy zero-trust workload access controls with namespace isolation recommendations\n2. Extend firewall protection at the granular, workload level\n3. Block lateral movement of APTs with identity-aware microsegmentation\n4. Understand how to apply zero-trust security controls at application level.\n\n## Workshop Environment Preparation\n\n\u003e [!WARNING]\n\u003e **For this workshop, you are expected to have access to a previously created AKS cluster.**\n\n- Please, follow the instructions on the repository below if you don't have it ready:\n\n  [Calico Cloud on AKS - Workshop Environment Preparation](https://github.com/tigera-solutions/aks-workshop-prep)\n\n- We will run this workshop from the Azure Cloud Shell, as described in that repository.\n\n- To start your cluster, reload the environment variables create in your Azure Cloud Shell first and then start the cluster. Use the following command:\n\n  ```bash\n  source ~/workshopvars.env\n  az aks start --resource-group $RESOURCE_GROUP --name $CLUSTERNAME\n  ```\n\n## Modules\n\nThis workshop is organized in sequential modules. One module will build up on top of the previous module, so please, follow the order as proposed below.\n\nModule 1 - [Connect the Azure AKS cluster to Calico Cloud](/mod/module-1-connect-calicocloud.md)  \nModule 2 - [Zero-Trust Workload Access Control with Namespace Isolation Recommendation](/mod/module-2-ztac-ns-isolation.md)  \nModule 3 - [Workload Isolation with Microsegmentation](/mod/module-3-wkload-isolation.md)  \nModule 4 - [Application Level Observability](/mod/module-4-application-observability.md)  \nModule 5 - [Clean up](/mod/module-5-clean-up.md)  \n\n## Useful links\n\n- [Project Calico](https://www.tigera.io/project-calico/)\n- [Calico Academy - Get Calico Certified!](https://academy.tigera.io/)\n- [O’REILLY EBOOK: Kubernetes security and observability](https://www.tigera.io/lp/kubernetes-security-and-observability-ebook)\n- [Calico Users - Slack](https://slack.projectcalico.org/)\n\n**Follow us on social media:**\n\n- [LinkedIn](https://www.linkedin.com/company/tigera/)\n- [Twitter](https://twitter.com/tigeraio)\n- [YouTube](https://www.youtube.com/channel/UC8uN3yhpeBeerGNwDiQbcgw/)\n- [Slack](https://calicousers.slack.com/)\n- [Github](https://github.com/tigera-solutions/)\n- [Discuss](https://discuss.projectcalico.tigera.io/)\n\n\u003e [!NOTE]\n\u003e The examples and sample code provided in this workshop are intended to be consumed as instructional content. These will help you understand how Calico Cloud can be configured to build a functional solution. These examples are not intended for use in production environments.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftigera-solutions%2Fcc-aks-zero-trust-workshop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftigera-solutions%2Fcc-aks-zero-trust-workshop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftigera-solutions%2Fcc-aks-zero-trust-workshop/lists"}