cnapp-workshop's Introduction

Cloud-Native Application Protection Platform workshop

Calico on EKS

Workshop objectives

The intent of this workshop is to educate security and technical teams working with the Kubernetes platform on how to secure cloud-native applications deployed onto the platform using Calico Cloud. While there are many capabilities available in Calico Cloud, this workshop focuses on a subset of specific security features used often by security teams and other types of technical users.

Use cases

In this workshop we are going to focus on these main use cases:

  • Secure applications at deployment time, leveraging Image Assurance capabilities to detect image vulnerabilities and use security policies to determine next action.
  • Zero-trust workload security and identity-aware microsegmentation, using identity-aware security policies to configure zero-trust security for cloud-native applications.
  • [WIP] Run-time threat defense, leveraging Calico Cloud IDS/IPS and anomaly detection features to detect suspicious behaviors and zero-day threats.

Join the Slack Channel

Calico User Group Slack is a great resource to ask any questions about Calico. If you are not a part of this Slack group yet, we highly recommend joining it to participate in discussions or ask questions. For example, you can ask questions specific to EKS and other managed Kubernetes services in the #eks-aks-gke-iks channel.

Workshop prerequisites

It is recommended to use your personal AWS account, which would have full access to AWS resources. If using a corporate AWS account for the workshop, make sure to check with the account administrator to provide you with sufficient permissions to create and manage EKS clusters and Load Balancer resources.

  • Calico Cloud trial account
  • AWS account and credentials to manage AWS resources
  • Terminal or Command Line console to work with AWS resources and EKS cluster
    • most common environments are Cloud9, Mac OS, Linux, Windows WSL2
  • kubectl
  • Git
  • netcat

This workshop uses an AWS Cloud9 instance as a workspace environment. If you're familiar with the tools listed in the prerequisites section, feel free to use a workspace environment you are most comfortable with.

Modules

Cleanup

  1. Delete the application stack to clean up any LoadBalancer services.

    kubectl delete -f demo/app/dev.yaml
    kubectl delete -f demo/app/hipstershop_v0.3.2.yaml

  2. Delete the EKS cluster.

    eksctl delete cluster --name tigera-workshop

  3. Delete the EC2 Key Pair.

    If you created an EC2 Key Pair for the EKS cluster, you can remove it if it is no longer needed.

    export KEYPAIR_NAME='<set_keypair_name>'
    aws ec2 delete-key-pair --key-name "$KEYPAIR_NAME"

  4. Delete the Cloud9 instance.

    Navigate to AWS Console > Services > Cloud9 and remove your workspace environment, e.g. tigera-workspace.

  5. Delete the IAM role created for this workshop.

    # use your local shell to set AWS credentials if needed
    # otherwise skip these two lines and execute commands below
    export AWS_ACCESS_KEY_ID="<your_accesskey_id>"
    export AWS_SECRET_ACCESS_KEY="<your_secretkey>"
    
    # delete IAM role
    IAM_ROLE='tigera-workshop-admin'
    # look up the ARN of the AWS-managed AdministratorAccess policy
    ADMIN_POLICY_ARN=$(aws iam list-policies --query 'Policies[?PolicyName==`AdministratorAccess`].Arn' --output text)
    # detach the policy and remove the role from its instance profile before deleting either
    aws iam detach-role-policy --role-name "$IAM_ROLE" --policy-arn "$ADMIN_POLICY_ARN"
    aws iam remove-role-from-instance-profile --instance-profile-name "$IAM_ROLE" --role-name "$IAM_ROLE"
    # if this command fails, you can remove the role via AWS Console once you delete the Cloud9 instance
    aws iam delete-instance-profile --instance-profile-name "$IAM_ROLE"
    aws iam delete-role --role-name "$IAM_ROLE"
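A post-cleanup check for the steps above, added here as an example and not part of the workshop's own material: it confirms that the cluster, key pair, instance profile and the `tigera-workshop-admin` role (which had `AdministratorAccess` attached) are really gone, and treats a credential or permission error as "unknown" rather than "deleted". The function names `probe` and `audit_cleanup` are hypothetical, and the script assumes the same AWS region and credentials that were used for the workshop.

```shell
#!/usr/bin/env bash
# Added example: audit that the workshop resources no longer exist.
# Resource names come from the cleanup steps; KEYPAIR_NAME is the page's placeholder.
CLUSTER_NAME="${CLUSTER_NAME:-tigera-workshop}"
IAM_ROLE="${IAM_ROLE:-tigera-workshop-admin}"
KEYPAIR_NAME="${KEYPAIR_NAME:-<set_keypair_name>}"

# probe LABEL NOT_FOUND_CODE CMD...
# Runs CMD and returns: 0 = resource absent, 1 = still present,
# 2 = could not tell (expired credentials, access denied, wrong region, ...).
probe() {
  label=$1; notfound=$2; shift 2
  # Capture stderr only; a successful describe/get means the resource exists.
  if err=$("$@" 2>&1 >/dev/null); then
    echo "PRESENT  $label"; return 1
  fi
  case $err in
    *"$notfound"*) echo "gone     $label"; return 0 ;;
    *)             echo "UNKNOWN  $label: $err"; return 2 ;;
  esac
}

# Returns 0 only if every resource is confirmed absent.
audit_cleanup() {
  rc=0
  probe "EKS cluster $CLUSTER_NAME" ResourceNotFoundException \
    aws eks describe-cluster --name "$CLUSTER_NAME" || rc=1
  probe "EC2 key pair $KEYPAIR_NAME" InvalidKeyPair.NotFound \
    aws ec2 describe-key-pairs --key-names "$KEYPAIR_NAME" || rc=1
  probe "IAM instance profile $IAM_ROLE" NoSuchEntity \
    aws iam get-instance-profile --instance-profile-name "$IAM_ROLE" || rc=1
  probe "IAM role $IAM_ROLE" NoSuchEntity \
    aws iam get-role --role-name "$IAM_ROLE" || rc=1
  return $rc
}
```

Source the file and call `audit_cleanup`; any `PRESENT` or `UNKNOWN` line means the corresponding cleanup step should be repeated or checked in the AWS Console.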

cnapp-workshop's People

Contributors

ivansharamok, josephyostos